xehook | 583c1eb6360379032d7cf7e6a60e09cfe74c7ecd36174016f293b060537fa52d[.]zip

Resubmissions

13-09-2024 09:50

240913-lt52vawgrl 10

13-09-2024 09:49

240913-ltjtlsxckd 10

13-09-2024 09:48

240913-ls2b9swgmp 10

Sharing

Copy URL

Twitter E-mail

General

Target

583c1eb6360379032d7cf7e6a60e09cfe74c7ecd36174016f293b060537fa52d.zip
Size

57KB
MD5

72f6e6aa7d06934994830b2d8688bdd1
SHA1

84cc4b7c4ce4e5d998dcf824d4ff9a6883d60690
SHA256

48e2f49ef81bcbcf043ee031085b0f6038fa04c0992e69a2f11587cf578b78d0
SHA512

04521cc3b582586f384ad5c7adfd232dfcf13e11216ec0040d9d4018bd9c0d91d65d82aac39a240a1e387cd6090976106a26cb96b740afca70f1275e19505160
SSDEEP

1536:jlRxdbRvTWs+HMBPF/jxb+J5xnwuw60HWwo0rcD5L31In5qd:jlRxdF4HMBPF/tK5Rq2FZr1yEd

Score

10^/10

xehook

Malware Config

Extracted

Family

xehook

Version

2.1.5 Stable

https://t.me/+w897k5UK_jIyNDgy

Attributes

id
208
token
xehook208262680500151

Signatures

Xehook family
xehook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/583c1eb6360379032d7cf7e6a60e09cfe74c7ecd36174016f293b060537fa52d

Files

583c1eb6360379032d7cf7e6a60e09cfe74c7ecd36174016f293b060537fa52d.zip
.zip

Password: infected
583c1eb6360379032d7cf7e6a60e09cfe74c7ecd36174016f293b060537fa52d
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 148KB - Virtual size: 148KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 148KB - Virtual size: 148KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B