Behavioral task
behavioral1
Sample
6143734a8c9cae36bfde4f4b67f3c604.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6143734a8c9cae36bfde4f4b67f3c604.exe
Resource
win10v2004-20231215-en
General
Target
6143734a8c9cae36bfde4f4b67f3c604
Size
94KB
MD5
6143734a8c9cae36bfde4f4b67f3c604
SHA1
b31724ee6f803e3831f5d6727711044168fe06d3
SHA256
7da3029263bfbb0699119a715ce22a3941cf8100428fd43c9e1e46bf436ca687
SHA512
7e2bde82857b7ccbbee13fa4e914fa5e0b9d47b8ca6c3e662e634b7c5d5f171dbbc28769183585ecb7b1ddc766341ffb0dd054fbdd4fcffa4302da0cd4d8794b
SSDEEP
1536:ZTJ91Cl2CAA8zlEPC++OLliyoqMGGVA0agvHE7OatqYFCcY0b5DeNUfJ:P91Cl2CL8zi1iyoFW0aSkiS/Y0bReN0J
Malware Config
Extracted
arkei
cookreceipts.fun/some2.php
Signatures
Arkei family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 6143734a8c9cae36bfde4f4b67f3c604
Files
6143734a8c9cae36bfde4f4b67f3c604.exe windows:5 windows x86 arch:x86
3e2c7440b2fc9e4b039e6fa8152ac8fd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_mbsicmp
rand
srand
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
strncpy
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strstr
_putenv
getenv
??3@YAXPAX@Z
strtok
__setusermatherr
??2@YAPAXI@Z
memcpy
memset
kernel32
GetModuleHandleA
CreateFileMappingW
CreateFileW
MultiByteToWideChar
GetStartupInfoA
Sections
.text Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ