General
-
Target
Mail Access Checker by xRisky v2 [Paid version].exe
-
Size
68.1MB
-
MD5
7f729ebff2ded8b806ca0a904dd1f759
-
SHA1
acdad6c2c68589a8cbf93127cfd596a4a033563d
-
SHA256
188cfc5b7a49d57bdd20519dd26e5e69424359995fe6582c54d2f3fb78d2ead9
-
SHA512
a9f8a5bd8f81ce0d7a37ea4fd6bc007542727194fcb7040cd917ea07b7bd827ec89735ea31e1375fa399afbb53497581d2f8b85083805446a0960b1fe782783d
-
SSDEEP
1572864:KRWKf5aPpViUdnDIbhoIDt05cLHljPqHq2MbIep/AexKhHRnfYsdW4dU:KRWKfipViUdDIFb9qKZDVx8dU4d
Malware Config
Signatures
-
SectopRAT payload 1 IoCs
resource yara_rule sample family_sectoprat -
Sectoprat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Mail Access Checker by xRisky v2 [Paid version].exe
Files
-
Mail Access Checker by xRisky v2 [Paid version].exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 67.8MB - Virtual size: 67.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 298KB - Virtual size: 298KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ