predatorstealer | iZgmWELeW[.]exe | Triage

Sharing

General

Target

iZgmWELeW.exe
Size

536KB
MD5

0eb6dbfff80ff1be420351f6a26d622f
SHA1

1ca934f59e932387e96a49d88fc05ddf2bf4db8a
SHA256

43cdfa89c733035f467ed836d47e9b4f0606694a9f0bbd2e2486f280c3b4bbca
SHA512

f03bed046630eaad253d89110cee1711243b377d22f805cdbd28a46e3c2705c987789bb499afb30ad28ce317079a6e6e47ce7064827d58f2f4bbb11d381fe2d0
SSDEEP

6144:X+BWmtpZQYS2PjCLfjSCpkALDUbr0tJ0nzbWdG/Wow7+JJUZ:OPw2PjCLe3a6Q70zbYow60Z

Score

10^/10

predatorstealer

Malware Config

Extracted

Family

predatorstealer

C2

http://unseamed-semaphore.000webhostapp.com/Panel/index.php

Signatures

Predatorstealer family
predatorstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
iZgmWELeW.exe

Files

iZgmWELeW.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\MyWork\برمجة\gom_v_4.0\update_windows10\update_windows10\obj\Debug\update_windows10.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ