babadeda | 3d632bd26d3b9e97523dc8c9ea8c7aa5 | Triage

Sharing

General

Target

3d632bd26d3b9e97523dc8c9ea8c7aa5
Size

22.1MB
MD5

3d632bd26d3b9e97523dc8c9ea8c7aa5
SHA1

837138c671370019337b7b75a98fdca4e93999e4
SHA256

29c9cf0b382b8b55e5eca9051e1a848f94fffce83c6061911c3790c80a4ae86d
SHA512

83734dbf5dcf8d6eed8b188eb0ab93030ee53c0b47dcce2f52a5680b3f1e3b625312745ab5c13fe32dc36d5963e378356ce7813c0a8389f54c08c583ca0353bc
SSDEEP

196608:GttgK19TxXaLttdCjwDhqTgcxx1gAIrJuHEUtFtLdTAfrJBPdYZ3r5kYA8YhW:4gKvlXaLttdC0w0cH1WuzjE2cT8YhW

Score

10^/10

babadeda

Malware Config

Signatures

Babadeda Crypter 1 IoCs

Processes:

resource yara_rule

sample family_babadeda
Babadeda family
babadeda
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

3d632bd26d3b9e97523dc8c9ea8c7aa5

Files

3d632bd26d3b9e97523dc8c9ea8c7aa5
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ