zingo | DupeRobux[.]exe | Triage

Sharing

General

Target

DupeRobux.exe
Size

57KB
MD5

c870b1f3b3cf0d17f9c88655e65bcc64
SHA1

d8bd42eb5d6cb916cc1d0c4c42efc638b4047094
SHA256

34dd8e8bbf48f42744c0f18a53dd494cd383ae6b7f85b89cda97a788955c3531
SHA512

dccbe647e30e3c0c946b60ac2070dba4a20595510b22b1c03cfb555aa36314c17d0de147bdf72ddb5dd2974f09412866ce4adec361a675f16dd9df136c4d1a1d
SSDEEP

768:Qx6mRbM5xKw0nrDtfPTsOZn3X9LYRaUhehM78wOcOkPsgXDkO:Q1RbS0rD1PTsOZdLMeSAd63

Score

10^/10

zingo

Malware Config

Signatures

Zingo family
zingo

Zingo stealer payload 1 IoCs

resource	yara_rule
sample	family_zingo

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DupeRobux.exe

Files

DupeRobux.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Xrq\Desktop\V2\CockyGrabber\obj\Debug\Ginzo.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ