2023051602e3277f4cb0aef3a0e6f4f54e89c9eedestroyerkangaroo[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2023051602e3277f4cb0aef3a0e6f4f54e89c9eedestroyerkangaroo.exe
Size

18KB
MD5

02e3277f4cb0aef3a0e6f4f54e89c9ee
SHA1

0eeb24c3bd46560cf9bf53ed665e3188bc861c3a
SHA256

9d08db998f84b782c6821662d3f18e0b660d2f61c109cc4a23ff28556f4deaf1
SHA512

63ca799a70d317adf892d7005631c6325cdc829d3bd92147f16e2364853ecef5eba81b095a445a1e3a22453d7925ddb5cf7158a010c3da9a9851e38dba958d36
SSDEEP

384:IfX8Obeab6xAraECxkJ7PfXXqHbiqZZK09QmY1fTgT01p1MN/9bZRHiqWMQhWf:If3lvaEcktUic5imoYC0ZU6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023051602e3277f4cb0aef3a0e6f4f54e89c9eedestroyerkangaroo.exe

Files

2023051602e3277f4cb0aef3a0e6f4f54e89c9eedestroyerkangaroo.exe
.exe windows x86

a2cd52cf31250cbc8e01c8c970423a4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

advapi32

RegDeleteValueW
CryptHashData
CloseEventLog
RegSetValueExW
RegCloseKey
ClearEventLogW
CryptAcquireContextW
OpenEventLogW
CryptDeriveKey
CryptReleaseContext
RegDisableReflectionKey
CryptEncrypt
CryptCreateHash
RegOpenKeyExW
CryptDestroyKey
CryptDestroyHash

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW
WTSLogoffSession
WTSDisconnectSession

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

kernel32

GetCurrentThreadId
GetModuleFileNameW
ExpandEnvironmentStringsW
CreateThread
GetVolumeInformationW
SetFileAttributesW
GetCurrentProcessId
DeleteFileW
GetFileTime
CreateToolhelp32Snapshot
FindNextFileW
UpdateResourceW
GetSystemDefaultLangID
ExitProcess
GetFileSize
CreateMutexW
FindFirstFileW
SetFilePointer
FreeResource
lstrlenA
GetDriveTypeW
SetEndOfFile
FindResourceW
LoadResource
CreateProcessW
EndUpdateResourceW
GetLogicalDriveStringsW
GlobalLock
WaitForSingleObject
GetModuleHandleW
GetTickCount
VirtualFree
SetFileTime
WriteFile
OpenProcess
GlobalAlloc
TerminateThread
Sleep
CopyFileW
SizeofResource
GetFileAttributesW
TerminateProcess
ReadFile
lstrcatW
CreateFileW
ExitThread
lstrcmpW
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetLastError
GetProcAddress
VirtualAlloc
BeginUpdateResourceW
MoveFileW
GetSystemDefaultLocaleName
GlobalFree
FindClose
Process32FirstW
ProcessIdToSessionId
LockResource
WaitForMultipleObjects
Process32NextW
WTSGetActiveConsoleSessionId
lstrcmpiW
CloseHandle

user32

CloseClipboard
GetMessageW
PostQuitMessage
LoadCursorW
DispatchMessageW
DefWindowProcW
SetWindowTextW
SetClipboardData
UpdateWindow
GetSystemMetrics
MessageBoxW
OpenClipboard
CreateWindowExW
ShowWindow
EmptyClipboard
ReleaseDC
GetWindowTextW
GetWindowLongW
LoadIconW
RegisterClassExW
TranslateMessage
GetDC
wsprintfW

gdi32

CreateSolidBrush
GetDeviceCaps

shell32

CommandLineToArgvW

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2cd52cf31250cbc8e01c8c970423a4b

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

advapi32

wtsapi32

mpr

kernel32

user32

gdi32

shell32

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 2KB