arkei | 05df16fb5968088df557b088ba716ac1 | Triage

Sharing

General

Target

05df16fb5968088df557b088ba716ac1
Size

91KB
MD5

05df16fb5968088df557b088ba716ac1
SHA1

04437aa2026afe301cc1d7c27645cc66ab2cc351
SHA256

76a2b318f820e18d3d5e657aff1215cc4d646c5ae3971835eb9868a193b221ae
SHA512

20b878f61dd6f56e9038034d9c6273fb96f4213c0385afef8845460298ad02c1eee0431f55c0b771379567f608f1c2f54a4180a05bdbd558e52e9d05dc3b5e53
SSDEEP

1536:qm591Cl2cU8P0cYgQsHwTzoqMGGlg0agvHXs3aIj7nKNvfz:791Cl2R8c8QTzoFm0aS3tpz

Score

10^/10

arkei

Malware Config

Extracted

Family

arkei

C2

95.181.157.6/QloA6KMJke.php

Signatures

Arkei family
arkei

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05df16fb5968088df557b088ba716ac1

Files

05df16fb5968088df557b088ba716ac1
.exe windows:5 windows x86 arch:x86

8e4edd7becf7ca0022ca7c42950650b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_putenv
strstr
strncpy
_mbsicmp
rand
srand
_exit
_XcptFilter
exit
_acmdln
getenv
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??3@YAXPAX@Z
strtok
__getmainargs
??2@YAPAXI@Z
memcpy
memset

kernel32

GetModuleHandleA
GetStartupInfoA

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ