General
-
Target
DupeFreeze.exe
-
Size
45KB
-
MD5
075d2fcc3b7e6c0b303cf60cb03ceacf
-
SHA1
59908b5413e9fd05ab8897eedcaa4980bd8cbcf8
-
SHA256
9045f9528b9519d1a73f65e58befacd53d8b02e984c0ba2b9ef1f0e3720aecc5
-
SHA512
15f47cfe51606214410fee954d433ddde8a9a1265dd6c91560ba852129b9e634dda69b2cb9b95083a793efaed51c7f07148be13ad3601062405956e8bb70ca29
-
SSDEEP
768:9ujY21TUET1/WUT1V9mo2qz5YcLVaEH9OPIozjbygX3inCnBszm07VLQwzuMRPBn:9ujY21TU0r2Knk83o3b1XSSBs37VLlPn
Malware Config
Extracted
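Family: asyncrat
Version: 0.5.8
Botnet: Default
C2 (host:port as extracted; the 127.0.0.1 entries are loopback and carry no value as network indicators, and 0.tcp.in.ngrok.io is a shared ngrok tunnel host, so match on host and port together):
127.0.0.1:5353
127.0.0.1:10712
0.tcp.in.ngrok.io:5353
0.tcp.in.ngrok.io:10712
Mutex: b0JlpL7r9fcr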
-
delay
3
-
install
true
-
install_file
DeepFreeze.exe
-
install_folder
%AppData%
Signatures
Files
-
DupeFreeze.exe.exe windows:4 windows x86 arch:x86
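Imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (computed over the single import listed below, mscoree!_CorExeMain, so it is common to .NET executables in general and does not identify this sample)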
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ