2051cc897456d03138a6e709ac3d6f1b

Sharing

Copy URL Twitter E-mail

General

Target

2051cc897456d03138a6e709ac3d6f1b
Size

951KB
MD5

2051cc897456d03138a6e709ac3d6f1b
SHA1

a29987902b69cdb0208dcf50d4cc1eb3eb7396a5
SHA256

498f8fef7744485ef9da3c50819de9aef73fd19f06800e0f64444341d75a7c16
SHA512

24105b3f89e7d44eeb57842578a2f350f796c543cd8ed76a0785bffc0a625b4687679b56f3b89cb0521a226e95cba7571d6446fc2a0a8187041e5a6845886c12
SSDEEP

24576:RKsjYQEQrmRGE/Pefd+eEZblINuuhPGQLCahveqa:RJKBRN3jZbPzQLCaFet

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/darkstorm/TF2Base.dll
unpack001/darkstorm/TF2Base.exe

Files

2051cc897456d03138a6e709ac3d6f1b
.zip
darkstorm/Darkstorm.ini
darkstorm/Darkstorm.log
darkstorm/TF2Base.dll
.dll windows:5 windows x86 arch:x86

655f65ea91f1ec9556f48f5837cae81e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter

Exports

Exports

cvar
g_pCVar

Sections

Size: 268KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 812KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

onxxmfcg
Size: 625KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eowxaebd
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
darkstorm/TF2Base.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
darkstorm/process.ini

Sharing

General

Malware Config

Signatures

Files

655f65ea91f1ec9556f48f5837cae81e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

Size: 268KB - Virtual size: 716KB

.rsrc Size: 512B - Virtual size: 436B

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 812KB

onxxmfcg Size: 625KB - Virtual size: 628KB

eowxaebd Size: 1024B - Virtual size: 4KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 105KB - Virtual size: 104KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 12B

.rsrc
Size: 512B - Virtual size: 436B

.idata
Size: 512B - Virtual size: 4KB

onxxmfcg
Size: 625KB - Virtual size: 628KB

eowxaebd
Size: 1024B - Virtual size: 4KB

.text
Size: 105KB - Virtual size: 104KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 12B