d00d498effb3b37ed112f383ad93cb9131bdaa45230893a0cf609bd82cf2ddfa

Sharing

Copy URL Twitter E-mail

General

Target

d00d498effb3b37ed112f383ad93cb9131bdaa45230893a0cf609bd82cf2ddfa
Size

216KB
MD5

bfb1bcf7cc0f078da651da58d8904226
SHA1

e52bfd578c27d8517fcdb2be1b9651bb15bc92de
SHA256

d00d498effb3b37ed112f383ad93cb9131bdaa45230893a0cf609bd82cf2ddfa
SHA512

dc49b4c80496ba4f0ec539e4c7430d45de7e9a505936759ae292cf85e2fb69f36fff712397ea58bb677f7bc76d7e09b1a21f10fe90604c7503f3937a5a01f2e0
SSDEEP

6144:T8tYebHJCOR1MXTGeBEbW4mO+ZgVjyeL+:T8tY0HJhR1MuZj

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d00d498effb3b37ed112f383ad93cb9131bdaa45230893a0cf609bd82cf2ddfa

Files

d00d498effb3b37ed112f383ad93cb9131bdaa45230893a0cf609bd82cf2ddfa
.exe windows:4 windows x64 arch:x64

cd04de301219751a77ea89cf48975a95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
__C_specific_handler

msvcrt

__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
_time64
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
rand
signal
srand
strlen
strncmp
vfprintf

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd04de301219751a77ea89cf48975a95

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 201KB - Virtual size: 201KB

.rdata Size: 1KB - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 612B

.xdata Size: 512B - Virtual size: 468B

.bss Size: - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 120B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 201KB - Virtual size: 201KB

.rdata
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 612B

.xdata
Size: 512B - Virtual size: 468B

.bss
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 120B