RedDeath[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

RedDeath.exe
Size

19KB
MD5

0420c7ab09096ff46c7782c2ff8facbc
SHA1

c583a86cced3ac42ac0a018fa558c5c3ac24aab4
SHA256

ee53824a852304fd0510fdd5d1e74b25d899385ab32476ed13d28fe23ad51e83
SHA512

55e2125bc88534b23bcf04d911835aa3fcc26fafc0c54230708eb55d884b4c940645c3f56bf7ff7de5ae5175b369e54a67ec9e7d21ccd9930eb02d2476ec252a
SSDEEP

384:MaZYCVaOvIC5GEk/AXFXFewGVmP7ZX+6k7eD:MUYCVPP5GEXFXcqX47e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RedDeath.exe

Files

RedDeath.exe
.exe windows:5 windows x86 arch:x86

d129bf4d60d1dc3c2db8f0de63c3bc66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\mikah\source\repos\RedDeath\Release\RedDeath.pdb

Imports

kernel32

GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
InitializeSListHead
IsDebuggerPresent
GetConsoleWindow
ExitProcess
GetProcAddress
CreateThread
LoadLibraryW
CloseHandle
TerminateThread
Sleep
CreateFileW
WriteFile
TerminateProcess
GetStdHandle

user32

GetWindowRect
GetDC
ReleaseDC
GetDesktopWindow
GetWindowDC
RedrawWindow
EnumDisplayMonitors
MessageBoxW
UnionRect
GetSystemMetrics
ShowWindow

gdi32

CreateFontA
CreateDIBSection
CreateCompatibleDC
PlgBlt
DeleteDC
TextOutW
SetTextColor
SetBkMode
CreatePen
DeleteObject
CreateSolidBrush
ArcTo
CreateCompatibleBitmap
BitBlt
SelectObject

winmm

waveOutUnprepareHeader
waveOutClose
waveOutWrite
waveOutOpen
waveOutPrepareHeader

vcruntime140

_except_handler4_common
memset

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_exit
_initialize_onexit_table
_register_onexit_function
_c_exit
_crt_atexit
_controlfp_s
terminate
_initterm_e
_cexit
_initterm
__p___argv
exit
_configure_narrow_argv
__p___argc
_set_app_type
_seh_filter_exe
system
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d129bf4d60d1dc3c2db8f0de63c3bc66

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winmm

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 928B

.gfids Size: 512B - Virtual size: 32B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 736B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 928B

.gfids
Size: 512B - Virtual size: 32B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 736B