Backdoor[.]Win32[.]DarkKomet[.]hqxy-be40a12c8376cfdb4a17a7e8e82ef7e81eced58da666153dc95567e8fc6d6a83 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Backdoor.Win32.DarkKomet.hqxy-be40a12c8376cfdb4a17a7e8e82ef7e81eced58da666153dc95567e8fc6d6a83
Size

1.5MB
MD5

b5db610422f378a0614d71c86a5b89b9
SHA1

0a062dd32e89e3df7416ca5fcd3301ad979ae1a8
SHA256

be40a12c8376cfdb4a17a7e8e82ef7e81eced58da666153dc95567e8fc6d6a83
SHA512

e5b78fdb9271c0d187d21daad3e54e1d81eb69af4850675ee59e93f2bd251a94779015a4564a0d8065388aa11144a4783e29d01c93ed7b968b8efe859a7140ff
SSDEEP

12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9l4Q4+jEjuRigBO/nf4b0x:ansJ39LyjbJkQFMhmC+6GD9mQHj7OZn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Backdoor.Win32.DarkKomet.hqxy-be40a12c8376cfdb4a17a7e8e82ef7e81eced58da666153dc95567e8fc6d6a83

Files

Backdoor.Win32.DarkKomet.hqxy-be40a12c8376cfdb4a17a7e8e82ef7e81eced58da666153dc95567e8fc6d6a83
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 874KB - Virtual size: 873KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ