xehook | 3bbdaa00d0153f3dd06c1bfb5901c88129bd6692588b2cf9f7aa80836f547b92[.]zip

General

Target

3bbdaa00d0153f3dd06c1bfb5901c88129bd6692588b2cf9f7aa80836f547b92.zip
Size

57KB
MD5

22fb51e4189ad55585b292d97a9d4c43
SHA1

9a4e278204631e630f27aa74f64d8c04686b8f79
SHA256

e3306564878e080f2d3d0c271431f53cf434c5046106a483e095bed1ded33761
SHA512

bc31297226672e67dd64ac1395008b7e4956f4c8b6866ed0a3724fd59abbce9b5fe460bc6991fdc84a5dc7173fbc48c1c51efd579779ad08ab2e704f53bb4b9f
SSDEEP

1536:azOYoWrgYieGohlQWM2BdVMy6c8Jur5GuMOb:azpgYrDG2IJurh

Score

10^/10

xehook

Family

xehook

Version

2.1.5 Stable

C2

https://t.me/+w897k5UK_jIyNDgy

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3bbdaa00d0153f3dd06c1bfb5901c88129bd6692588b2cf9f7aa80836f547b92

3bbdaa00d0153f3dd06c1bfb5901c88129bd6692588b2cf9f7aa80836f547b92.zip
.zip

Password: infected
3bbdaa00d0153f3dd06c1bfb5901c88129bd6692588b2cf9f7aa80836f547b92
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ