fabookie | 67a143d2cf49282aa6aaf0871635f009[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

67a143d2cf49282aa6aaf0871635f009.bin
Size

1.2MB
MD5

67a143d2cf49282aa6aaf0871635f009
SHA1

2ec9505b847f0c9a01278fc4260b3553453c9abc
SHA256

7aeb543dc2b4f1475816f14ed293c753d0093c603f2f845b6ed3d9040602862e
SHA512

e8a2daaba4ae32caf5c4735e2ab4869b690e7945086c0697769eee186f4de0d71e11ac912cb1b17c076351b3263fd9b6d16fe8c98d81ce984134dbed25727c9d
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAY1ftxmbfYQJZKkQA:7I99DEWVtQAYZmn0J

Score

10^/10

fabookie

Malware Config

Signatures

Detect Fabookie payload 1 IoCs

resource	yara_rule
sample	family_fabookie

Fabookie family
fabookie

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67a143d2cf49282aa6aaf0871635f009.bin

Files

67a143d2cf49282aa6aaf0871635f009.bin
.dll windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 906KB - Virtual size: 905KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ