darkcomet | 95f0f7a6e0557c42be822aa72e4e31a6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

95f0f7a6e0557c42be822aa72e4e31a6
Size

1.1MB
MD5

95f0f7a6e0557c42be822aa72e4e31a6
SHA1

f8d43433ee501d0107eda75398527e856ae67e1f
SHA256

ddc318e2b67b5dda548e04a1551f9340af0467ecc0203cf52a2cb134a1db9298
SHA512

b88919fb2d92b5826c43cc2e624cd91e75329ad2539a586bd841376c3e32f124513ca5940415f1b3ec72b8f3c017a70c55f76ebbc8595042c0d0e6569c787c38
SSDEEP

24576:MzEphV7kLgysIJnxpQtZJb4uH3OJgFld4ttbwBJwD8iTF78mz5RzVMpul1:Mo34FseXQtZF4COJgjd4ttb+wZ7HD5l/

Score

10^/10

darkcomet

Malware Config

Signatures

Darkcomet family
darkcomet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95f0f7a6e0557c42be822aa72e4e31a6

Files

95f0f7a6e0557c42be822aa72e4e31a6
.exe windows:4 windows x86 arch:x86

834af16f1377fd73890c94477fc455d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord660
ord595
ord520
ord631
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord607
ord608
ord717
ProcCallEngine
ord644
ord570
ord648
ord573
ord681
ord578
ord685
ord100
ord616
ord617
ord618

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ