HammerDuke[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HammerDuke.exe
Size

49KB
MD5

d3109c83e07dd5d7fe032dc80c581d08
SHA1

42e6da9a08802b5ce5d1f754d4567665637b47bc
SHA256

8995535721ebeaf6983c6cecf3182d756ca5b3911607452dd4ba2ad8ec86cf96
SHA512

c894ae4547414b3a339d1f3707064666f98303fee70093c781c2a855fb5f024557145e1aac868926a42ab4e0a79ee3881c4377324387af5063dda7504ef2b1b3
SSDEEP

384:cYhREcpn4+KwnU+MxdwHZHTHu7c/70R+MYKN1pbGgbYyTknWGAWl5LWU:cYfE4xn1W2JD0R/1p5bJYWKL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HammerDuke.exe

Files

HammerDuke.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ