udp[.]exe | Triage

General

Target

udp.exe
Size

11KB
MD5

9eeda20988fdae43b30e24375fed9464
SHA1

39871070230236cf63b0b7d27c7b55b6db7ac47e
SHA256

3d66eb38e92b2118de127f4764b4e4fb37748aa8bec0cdca18dc72c4e2789875
SHA512

c934b8e5345a2e5927fb7f28984a9a03e89f12140df50ffd6455c681964cf56e7c09e6220350636e458883784324869b2bd43ddd148063f321999fd9f2f46bbb
SSDEEP

192:LDmK5Y90VuzftHqs6ncRlmul1Ce7JxTxnVsfxYi1T8s77Wc8RHW:PY6IvocREF+lnVKlAsnWc8RHW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

udp.exe

resource
udp.exe

Files

udp.exe
.exe windows x86

9c56e400679bb1b5ccb30e74b4572f80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecA

user32

MessageBoxA

mainlibr

Py_FrozenFlag
Py_IgnoreEnvironmentFlag
Py_SetPythonHome
Py_SetProgramName
Py_Initialize
PySys_SetArgv
PyExc_SystemExit
PyErr_ExceptionMatches
PySys_GetObject
PyObject_CallObject
PyImport_ImportModule
Py_NoSiteFlag
PyObject_GetAttrString
PyErr_Clear
Py_Exit
PyInt_AsLong
PyObject_Str
PyErr_Fetch
PyErr_NormalizeException
PyString_FromString
PyTuple_New
PyString_Format
_Py_NoneStruct
Py_Finalize
PyRun_SimpleStringFlags
PyImport_Import
_PyString_Join

msvcr90

_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__argc
__argv
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetModuleFileNameA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c56e400679bb1b5ccb30e74b4572f80

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

user32

mainlibr

msvcr90

kernel32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB