empyrean | KamiLib_Release[.]Free[.]2024[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

KamiLib_Release.Free.2024.exe
Size

38.7MB
MD5

60ce8b860c2433c4899e58190b36ccb3
SHA1

e83e26e2df92f5718647323c5547af16d21f88bb
SHA256

bba602b78e0bd776082670634e79aed2b2bbb1c82d19dcf8f4ed52d752d63fd7
SHA512

3f839c430c8a7ebfe1dbb45c347e63bb7bf302277f8558e4887956c848012b62a60483dfee2ec3354c129af60b93cfe7fe0ad6c7d25f3211048e6a86cc9bdad8
SSDEEP

786432:9hZXkdQu2horvSrC5FAEPLFXNFWh50xQZyAE7D33Pa8HI5FwR:9hZXkflFAYLFdF+2QZXEvyQGOR

Score

10^/10

pyinstaller empyrean

Malware Config

Signatures

Detects Empyrean stealer 1 IoCs

resource	yara_rule
static1/unpack001/main.pyc	family_empyrean

Empyrean family
empyrean

Detects Pyinstaller 1 IoCs

resource	yara_rule
sample	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
KamiLib_Release.Free.2024.exe

Files

KamiLib_Release.Free.2024.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Kami\Desktop\tool\KamiLib\KamiLib_Cheats\KamiLib_Cheats\obj\Release\KamiLib_Release.Free.2024.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 38.5MB - Virtual size: 38.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
main.pyc