Backdoor[.]Win32[.]DarkKomet[.]hqxy-99826adb38008e91d85601a21d0e17589dd8062127012694e8120a95947eba25 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Backdoor.Win32.DarkKomet.hqxy-99826adb38008e91d85601a21d0e17589dd8062127012694e8120a95947eba25
Size

3.8MB
MD5

6aedbdb2b800e57de06ca9b7c3e4c06a
SHA1

f730a07f0064a3f708c529b1c89e444730e30cd1
SHA256

99826adb38008e91d85601a21d0e17589dd8062127012694e8120a95947eba25
SHA512

47062f8ffd4f18fbbfbc0816111fb6b9f2ddf9cf86a8a0bb824de40c3919ef46c63b18ba6e5f559652e9aa14c28c24af67070f8c5354927c00d3673070fe6823
SSDEEP

49152:RnsHyjtk2MYC5GDYRS46uioUYCclE3IvkyIIZQWcUBlQTNQZzei44IypfVZwR4M+:Rnsmtk2avSxYHlE3jxY1ZzIRyZViJC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Backdoor.Win32.DarkKomet.hqxy-99826adb38008e91d85601a21d0e17589dd8062127012694e8120a95947eba25

Files

Backdoor.Win32.DarkKomet.hqxy-99826adb38008e91d85601a21d0e17589dd8062127012694e8120a95947eba25
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ