zebrocy | sniper1_1[.]exe

Sharing

Copy URL

Twitter E-mail

Reason

config extraction: Zebrocy: encoding/hex: invalid byte: U+0028 '('

General

Target

sniper1_1.exe
Size

7.5MB
MD5

293933e3deb38716fbd2bb9afc46744e
SHA1

c78c7c63d29976e54bca1336362a13d5833c7150
SHA256

f4108ef30f66707f4e27f6f7c1d5925047b28fc3248a48f30465925c70e524b4
SHA512

8c55e0c4b376bf680cb347bf8430f0a24546919a436098a25543451c243d0d434354d5f92737c61da95f9f3af8861cfe0514e3c4c938d92c4c2dbdb66f236b5d
SSDEEP

98304:yblyruy4KA4Q41E6St1cNX8MK26/imSGVnqC9eyXrYOAZymc9K:6lwuyS4pc5SGnqCD8OKymX

Score

10^/10

zebrocy

Malware Config

Signatures

Zebrocy Go Variant 1 IoCs

Processes:

resource yara_rule

sample Zebrocy
Zebrocy family
zebrocy
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

sniper1_1.exe

resource	yara_rule
sample	Zebrocy

resource
sniper1_1.exe

Files

sniper1_1.exe
.exe windows:6 windows x86 arch:x86

1cd364a9e949d5ecebd6c614e64bc545

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 233KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 281B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/63
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/99
Size: 721KB - Virtual size: 720KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/112
Size: 445KB - Virtual size: 445KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/124
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

1cd364a9e949d5ecebd6c614e64bc545

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 2.6MB - Virtual size: 2.6MB

.data Size: 233KB - Virtual size: 328KB

/4 Size: 512B - Virtual size: 281B

/19 Size: 364KB - Virtual size: 364KB

/32 Size: 86KB - Virtual size: 85KB

/46 Size: 20KB - Virtual size: 19KB

/63 Size: 49KB - Virtual size: 48KB

/80 Size: 512B - Virtual size: 34B

/99 Size: 721KB - Virtual size: 720KB

/112 Size: 445KB - Virtual size: 445KB

/124 Size: 139KB - Virtual size: 139KB

.idata Size: 1024B - Virtual size: 816B

.symtab Size: 473KB - Virtual size: 472KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 233KB - Virtual size: 328KB

/4
Size: 512B - Virtual size: 281B

/19
Size: 364KB - Virtual size: 364KB

/32
Size: 86KB - Virtual size: 85KB

/46
Size: 20KB - Virtual size: 19KB

/63
Size: 49KB - Virtual size: 48KB

/80
Size: 512B - Virtual size: 34B

/99
Size: 721KB - Virtual size: 720KB

/112
Size: 445KB - Virtual size: 445KB

/124
Size: 139KB - Virtual size: 139KB

.idata
Size: 1024B - Virtual size: 816B

.symtab
Size: 473KB - Virtual size: 472KB