sality | fc0a18ddfe08a001863de6f366c76712 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fc0a18ddfe08a001863de6f366c76712
Size

143KB
MD5

fc0a18ddfe08a001863de6f366c76712
SHA1

e833a628c392feae56451d5b23235dcd7d298c2e
SHA256

76a17e461362136b2c5c2b22c13b1a57df88b02f9b1e927202be45f087255800
SHA512

585c8c3a7fb6eb01c017e7500478fd68814af88a91ef499d04ce5b7b844e333b92cfca5d0a1220a0bca8f7a4eeb2478b5d3f5ff3f0073d752483143b68e39426
SSDEEP

3072:R7HibvPPoCujRaRsUs1gEE29qA/2V4fOBvsMMBQ/b:NHirLujRaRsU8gEE1A/2V4fOBvs/B2

Score

10^/10

sality

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

Sality family
sality

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc0a18ddfe08a001863de6f366c76712

Files

fc0a18ddfe08a001863de6f366c76712
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 428KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ