tofsee | 39fb6a97f7168d79787d8bcc96ee9ffe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39fb6a97f7168d79787d8bcc96ee9ffe
Size

14.1MB
MD5

39fb6a97f7168d79787d8bcc96ee9ffe
SHA1

ab952d716c482fe38bfbf2529213368114f1ddab
SHA256

cb112438ca2527473f2e6eefd2dc9e8764af06e1e874cda251ab91dd84b320e9
SHA512

e1f3f32bb2f91484aeb6d95930d74dd566caaf2047d1a41fbd9467b43e9e442d5237cd535ed9f2976c1bb26f168d4c856681c9f7c93292fd40d4bcf9e4701a4b
SSDEEP

6144:H5VCb4QuzF3pIryyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyC:Z8NKF3p

Score

10^/10

tofsee

Malware Config

Extracted

Family

tofsee

C2

43.231.4.7

lazystax.ru

Signatures

Tofsee family
tofsee

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39fb6a97f7168d79787d8bcc96ee9ffe

Files

39fb6a97f7168d79787d8bcc96ee9ffe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 14.1MB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ