DuoDuoYiZhan[.]Setup[.]exe | Triage

Sharing

General

Target

DuoDuoYiZhan.Setup.exe
Size

168KB
MD5

febec5c9785daca55b2237e1faa961e7
SHA1

19da3daf76d737c4c08e69c5dd32f61d89d52423
SHA256

8cf2a282dae321522756265d9293464eb696acb5004f34733c80aff6e1d00e1a
SHA512

ab88b5bfccd0ff5102aedb927c544c2367184e7c3efa1e1c3fb4478393e810ac6d4d603605426a03eaa33b1ad66b25066e056363c00cf497e1534a77216a8a58
SSDEEP

3072:CVCpZCbWywl5YMMMMMMMMMMMMMMMMMMMMS/mKi3uRgvj7:CwpQbUDYMMMMMMMMMMMMMMMMMMMMH+g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DuoDuoYiZhan.Setup.exe

Files

DuoDuoYiZhan.Setup.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ