phemedrone | system[.]exe | Triage

Sharing

General

Target

system.exe
Size

101KB
MD5

026c873c2746cf3f35895d7625a04416
SHA1

54e3429a356f8bb31be6e837bea0aa120d712df7
SHA256

1af12da85652a16a3b4b42aabe905ce35ae4784586d06a33859753d5e89d6c22
SHA512

799e681097f815b3a8b0c996187555459861a0434f1620872185a81da898b083fe4c162df9dd0f24c00995848f862ff8bd8e67772d916118c137c72fd225ac6f
SSDEEP

1536:6MGyQBW6bp0fNmDtBAJeoQPK+e6+T9HYr0FkWe6+DL5vda/WrNFVwEKwzu55kCq:6pyYLLy+7+T9HoWepn5FaOrN3wEK8uq

Score

10^/10

phemedrone

Malware Config

Signatures

Phemedrone family
phemedrone
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

system.exe

Files

system.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\Phemedrone-Stealer-main\Phemedrone-Stealer\obj\Release\system.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ