yfoye_dump[1][.]exe

Sharing

Copy URL Twitter E-mail

General

Target

yfoye_dump[1].exe
Size

36KB
MD5

efc9040f587a5dd9e1de4707ec1ed8c5
SHA1

43e7b85bb4282b731a8cbcd41a53fcaed49af0ab
SHA256

c2581af6d4ff858b9fdf6c3bb6c32f988873057c0c28342b4c4bfa659ca5c0a8
SHA512

d649675d1092dbc6ce7af3f83eaf048f1f4bbd6a15dfe8087ecedbbe1c837ff6de1264a0d5239cebc1451e8a6e624afee7e13a98b4b4a08c7f91218908e799fd
SSDEEP

384:kDdB16rbw9tkVR/2thvZkYqIgKkZtiycNPwvPyHWPbwHowHSWQEkE6S+j:kJB1ubWashRm8/PwvPKWPQB7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
yfoye_dump[1].exe

Files

yfoye_dump[1].exe
.exe windows:5 windows x86 arch:x86

c9c385a1ea5fd2e79c5c225a4e001594

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualProtect
WideCharToMultiByte
CreateFileA
GetFileSize
WriteFile
ReadFile
WaitForSingleObject
CreateRemoteThread
ReadProcessMemory
CloseHandle
WriteProcessMemory
DeviceIoControl
GetLastError
GetComputerNameA
FindResourceA
LoadResource
SizeofResource
Module32First
LockResource
Module32Next
CreateToolhelp32Snapshot
LoadLibraryA
Process32Next
Sleep
OpenProcess
Process32First
FindNextFileA
GetModuleFileNameA
FindFirstFileA
GetProcessHeap
HeapFree
HeapAlloc
GetModuleHandleA
GetProcessId
GetProcAddress
VirtualAllocEx
GetCurrentProcess

user32

ExitWindowsEx
MessageBoxA

advapi32

LookupPrivilegeValueA
OpenProcessToken
CryptDecrypt
CryptDestroyKey
CryptImportKey
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegCloseKey
RegOpenKeyExA
RegSetValueExA
GetUserNameA
AdjustTokenPrivileges

shlwapi

StrStrIA
PathCombineA
StrCmpNA
StrCmpNIA

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

wininet

HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetConnectA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9c385a1ea5fd2e79c5c225a4e001594

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

crypt32

wininet

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB