darkvision | e545c5728ec3ad44feaecb13c8caac5f4b899418281ea83df17048e787dcb531[.]exe | Triage

Sharing

General

Target

e545c5728ec3ad44feaecb13c8caac5f4b899418281ea83df17048e787dcb531.exe
Size

4.0MB
MD5

2eea32819c249793a43de83f9a2b93ac
SHA1

3e072c7633fae2f149e25b96e3b3315f94428fee
SHA256

e545c5728ec3ad44feaecb13c8caac5f4b899418281ea83df17048e787dcb531
SHA512

0c0ad3832bc2e41edf8d99577d97c011c18a9c86fd187e27ee8986f376f284316b1b78f900aa4e31a4e532151f67e9426945afd0a1433eb30a260c71e407c4b5
SSDEEP

49152:qT0IGMXuq88wrAyCRMMxmB/s4tx4zL3rEC3/eaQ6uQsI35UkiSOINRH:S5sNAkssuYC3bsI354SnH

Score

10^/10

darkvision

Malware Config

Extracted

Family

darkvision

C2

powercycle.ddns.net

Signatures

Darkvision family
darkvision

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e545c5728ec3ad44feaecb13c8caac5f4b899418281ea83df17048e787dcb531.exe

Files

e545c5728ec3ad44feaecb13c8caac5f4b899418281ea83df17048e787dcb531.exe
.exe windows:5 windows x64 arch:x64

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 460KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uzrzsfep
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jtldjmmt
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ