phemedrone | dbd0ba5ea83428ebbbd90dfc84fa2540_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

dbd0ba5ea83428ebbbd90dfc84fa2540_NeikiAnalytics.exe
Size

101KB
MD5

dbd0ba5ea83428ebbbd90dfc84fa2540
SHA1

10c96556e476c224ca4860487ce12b2a65a50b29
SHA256

5478a721d309ab4ffe6a982f83fb9a8be37b44bbcb32f45e0fb08a1bf6a573e0
SHA512

3d738309dadc060a9d6a9a45048f75b8acd208e6c5c46c088372d86aed83585f0d59a69faecfa4fd717b1a4cf88b75acee5ed677dc00ffcdc0175aa193b448be
SSDEEP

1536:yzywg88dMGw3qSxfqNU3tBAo+oQPKghZq+TjHqdMWe6+DL5vda/WruFVwEKwNuwx:G/86ZuLyMY+TjHYepn5FaOru3wEK2uO

Score

10^/10

phemedrone

Malware Config

Signatures

Phemedrone family
phemedrone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
dbd0ba5ea83428ebbbd90dfc84fa2540_NeikiAnalytics.exe

Files

dbd0ba5ea83428ebbbd90dfc84fa2540_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Volodimirus\Desktop\Phemedrone Stealer V2.2.0\Phemedrone-Stealer\obj\Release\system.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ