Kangaroo[.]exe | Triage

Sharing

General

Target

Kangaroo.exe
Size

311KB
MD5

2e0d1b3006c90e6483a869b638f979be
SHA1

a42766bf9f315fbc0552d96b6a41a9640bde22f5
SHA256

f1527aa38e7f8b31c3e6724eddecdc698cd3f5514873bc0157ef86254e2e0085
SHA512

b8d66e7d5e895eb0f96c582724ecd8f00ae41af57d21c48972a873c27944798a505bf33df32031130b9db40d4821b0e0f1bf9f9eec798b5621af60ab5fda1a82
SSDEEP

6144:SGnKyjWo7gB8eOCJG3FGJljXdQprzvEXaAMw0YYaZB6gkipk3mmw0OKggr5i0OK6:SGKsWR8FCw3wjXdQpv6aAMpQZtxTSgqs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Kangaroo.exe

Files

Kangaroo.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ