predatorstealer | VXtAzooiE[.]exe | Triage

Sharing

General

Target

VXtAzooiE.exe
Size

536KB
MD5

35a56e5bb4edb4c6a9ea41f6a0dd12e6
SHA1

21b771f649d8481f3d192723e46c1cfe344cfd98
SHA256

51b075e7b8e4cdc4fbfbc0975f314c8dbe132708cf4bfd401309211f6e305ba9
SHA512

3b8583c55516b61ed9bf129e048b8cee46e1767ce8b0a19ea13361fa25e605b7d297adaa953b440f42366c964ea54aaa8b2fe7daa4affdc3d2779840fec677c6
SSDEEP

6144:X+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzbWdG/Wow7+JJUt:OPw2PjCLe3a6Q70zbYow60t

Score

10^/10

predatorstealer

Malware Config

Extracted

Family

predatorstealer

C2

http://unseamed-semaphore.000webhostapp.com/

Signatures

Predatorstealer family
predatorstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VXtAzooiE.exe

Files

VXtAzooiE.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\MyWork\برمجة\gom_v_4.0\update_windows10\update_windows10\obj\Debug\update_windows10.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ