darkvision | dd86228f22a372a870efd571580bd2800c79f502a70a9b47aab2bdb10ca5766b[.]exe | Triage

Sharing

General

Target

dd86228f22a372a870efd571580bd2800c79f502a70a9b47aab2bdb10ca5766b.exe
Size

4.0MB
MD5

247e35b36f1fa7310918e3bf28ce0298
SHA1

3069f557958742358302fcc216f3c80517733c22
SHA256

dd86228f22a372a870efd571580bd2800c79f502a70a9b47aab2bdb10ca5766b
SHA512

d702adb486eeaf270ee0904a5d6ef277025414bf050d392766763b49fa5b675939435913be7e57592757eb6d2c9f5ec93352b0714a1869fc2d71c3cb42f8495f
SSDEEP

49152:GHC3lll91kgrtu/Q+CSj2BUKWXBt1eHx/G039ygNHhPguc:NB1NgnNj2BqX7B03sgNHhl

Score

10^/10

darkvision

Malware Config

Extracted

Family

darkvision

C2

powercycle.ddns.net

Signatures

Darkvision family
darkvision

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd86228f22a372a870efd571580bd2800c79f502a70a9b47aab2bdb10ca5766b.exe

Files

dd86228f22a372a870efd571580bd2800c79f502a70a9b47aab2bdb10ca5766b.exe
.exe windows:5 windows x64 arch:x64

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 476KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jdijdzfw
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xsclacgc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ