Krampus[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Krampus.exe
Size

7.6MB
MD5

53a5f956d9bc641723f6651c06f0d853
SHA1

00583b18387a36a3d9e9e5b066a6ed2b0d131bdf
SHA256

08bbd0ce97834a42376944af6159aed4697655dcd3e8c47c86a118b942ed87b4
SHA512

3d69e646f32b6c2aacebe91d341c8c30766ac00b4a64f1651d6d81061e1a7948b7c3aa8513c44b3a4e628368d67a1764fc4e2ecb670303c5193b3388f76c8972
SSDEEP

196608:R1sP8xNItjWXTw/qM+nHMNZmMkqcA+KdO:PsP8wQXSqFsNZdcR2O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Krampus.exe

Files

Krampus.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ