Dr2acula PS&CMD[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Dr2acula PS&CMD.zip
Size

26KB
MD5

81157fe0c872f3a885ab79025d543e9a
SHA1

d3e7ee646b155a2967e60478bf954a1861c3fe7f
SHA256

dfa463fe409166e47207ec790fbc65e6e8f1e02f9976d4a04d3e452579955184
SHA512

8147142f5f1931e185d389acfbad8c4bf2b565d9b86d89156fc2743bb9140596bbb8fd3424ec1a1ebddc20efbbc3a317854205769fd51d2d1298ca9ba5e96615
SSDEEP

384:CQlece8Us+yzPQB+zxTsEUtB7PlY7hYByphO+s5TYCE7M9W/mgjfn3e4ECITFIJb:CteycsEK79ShYy85YCjaHn3BBIYfd7DB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Dracula PS&CMD/Install/ColorTool.exe

Files

Dr2acula PS&CMD.zip
.zip
Dracula PS&CMD/Install/ColorTool.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\console\src\tools\ColorTool\ColorTool\obj\Release\net461\ColorTool.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dracula PS&CMD/Install/install.cmd
Dracula PS&CMD/Install/install/Dracula-ColorTool.itermcolors
.xml
Dracula PS&CMD/Install/install/Remove Default Console Overrides.reg
Dracula PS&CMD/Install/install/Windows PowerShell (x86).lnk
.lnk
Dracula PS&CMD/Install/install/Windows PowerShell.lnk
.lnk
Dracula PS&CMD/Install/uninstall.cmd
Dracula PS&CMD/Install/uninstall/Restore Default Console Overrides.reg
Dracula PS&CMD/Install/uninstall/Windows PowerShell (x86).lnk
.lnk
Dracula PS&CMD/Install/uninstall/Windows PowerShell.lnk
.lnk
Dracula PS&CMD/Install/uninstall/campbell.ini
Dracula PS&CMD/READ FIRST !!!.txt
Dracula PS&CMD/READ FIRST !!.txt
Dracula PS&CMD/READ FIRST !.txt

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 32KB - Virtual size: 31KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B