phemedrone | 0x001a000000015c3e-10[.]dat | Triage

Sharing

General

Target

0x001a000000015c3e-10.dat
Size

83KB
MD5

e025c7bfa143c476a648e9daa3cfda2f
SHA1

d4f90ae2727cd20c19802eeee5589fc4e7b36ec3
SHA256

95ddb8a73ba1d02c13735fe21f335599e0659b3da7b42e23654650b89d4ddf60
SHA512

f9812370e7855acaa15f70a5ee71fa2b78040be72553cc4109276429731ab3a10924fd8e08b8ff91e9c3b0dc57c4bc32168c29416e4a401208fd2574dbd9b8f3
SSDEEP

1536:YNHNY8knGTS8Yd/exySO5T3rZlSwEKSKO9Tzpmp:YNHNYfnrZdmxa5TbZYwEKSKO9TVk

Score

10^/10

phemedrone

Malware Config

Signatures

Phemedrone family
phemedrone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x001a000000015c3e-10.dat

Files

0x001a000000015c3e-10.dat
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ