C:\Users\Xrq\Desktop\V2\CockyGrabber\obj\Debug\Ginzo.pdb
General
Target
DupeRobux.exe
Size
57KB
MD5
c870b1f3b3cf0d17f9c88655e65bcc64
SHA1
d8bd42eb5d6cb916cc1d0c4c42efc638b4047094
SHA256
34dd8e8bbf48f42744c0f18a53dd494cd383ae6b7f85b89cda97a788955c3531
SHA512
dccbe647e30e3c0c946b60ac2070dba4a20595510b22b1c03cfb555aa36314c17d0de147bdf72ddb5dd2974f09412866ce4adec361a675f16dd9df136c4d1a1d
SSDEEP
768:Qx6mRbM5xKw0nrDtfPTsOZn3X9LYRaUhehM78wOcOkPsgXDkO:Q1RbS0rD1PTsOZdLMeSAd63
Malware Config
Signatures
Zingo family
Zingo stealer payload 1 IoCs
Processes:
resource yara_rule sample family_zingo -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource DupeRobux.exe
Files
DupeRobux.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ