phemedrone | 1137bbb4cba39878cec6719df21630df[.]bin | Triage

Sharing

General

Target

1137bbb4cba39878cec6719df21630df.bin
Size

61KB
MD5

2ce24d9d48abaf52a093d2bcbca40588
SHA1

28b1fecaef46fa4db8fff61acf16093205c1e400
SHA256

96add24d1011aa303c0622dbe73bbcdd62493af0e315c49c846fb74492a7bd86
SHA512

021a7264b6a0d23fba1a639c311749649c4a51e69bc4a4b7687e449aa0e5ce6552af3d8e7debfe2405e4ad3761be7c1210e26c71cba798e5aa36749b10ecf255
SSDEEP

1536:UgFUaPzz0YjwGcS4g/xPDFVLkiyZ5ctU/URon:UuUaPXaSrxPDFVKZUI8+

Score

10^/10

phemedrone

Malware Config

Signatures

Phemedrone family
phemedrone

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/de9738bd66cf075e2de53f21c2bcc5b79709c68e7899e9ce3c045ff485e8d499.exe

Files

1137bbb4cba39878cec6719df21630df.bin
.zip

Password: infected
de9738bd66cf075e2de53f21c2bcc5b79709c68e7899e9ce3c045ff485e8d499.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ