C:\Users\bazan\Documents\DataSystem\HellsGate\x64\Release\HellsGate.pdb
Static task
static1
Behavioral task
behavioral1
Sample
DSDS.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
DSDS.exe
Resource
win10v2004-20240508-en
General
-
Target
DSDS.exe
-
Size
520KB
-
MD5
a1619a8388c6ebc66990cb21b226c8db
-
SHA1
b9e3e5e3abde4f593a2cc7e34f4886878c23219f
-
SHA256
e17ab9e49020baf65c20b2396b9a82e1bb1a566e2923abd3728a8a919e2dcb91
-
SHA512
2b8d1c8993efde85d6bf40ecb8ee30f9c16202e6247520284caf164056b29a9f6caaf4d9d1fff39246318c9935c7f504b52065adce14ec97e5b28297141d5a42
-
SSDEEP
12288:qbtuhS6OEkeGAfKQDlP95sc4sIxAKGDqkojJPv5:DS6OEkiP95P4sIxAKGDqkojJn
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature.
resource DSDS.exe
Files
-
DSDS.exe.exe windows:6 windows x64 arch:x64
9e3663d719b8e59992dd3cf7001b4681
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
VerifyVersionInfoW
VerSetConditionMask
CreateFileW
GetCurrentProcessId
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExW
WideCharToMultiByte
Sleep
LoadLibraryW
GetProcAddress
GetFileSizeEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
LoadLibraryA
GetStdHandle
SleepEx
GetModuleHandleW
GetModuleHandleA
FreeLibrary
GetSystemDirectoryW
QueryPerformanceFrequency
MultiByteToWideChar
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetTickCount
QueryPerformanceCounter
FormatMessageW
SetLastError
GetLastError
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ws2_32
WSACreateEvent
listen
recv
getaddrinfo
WSAStartup
WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
freeaddrinfo
WSAResetEvent
htonl
sendto
WSACloseEvent
getpeername
getsockname
ioctlsocket
gethostname
send
getsockopt
inet_pton
connect
WSAIoctl
WSAWaitForMultipleEvents
closesocket
setsockopt
WSASetLastError
bind
WSAGetLastError
accept
inet_ntop
select
__WSAFDIsSet
socket
ntohs
recvfrom
htons
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
bcrypt
BCryptGenRandom
vcruntime140
strstr
wcschr
memmove
memchr
strrchr
strchr
memset
memcpy
__C_specific_handler
__current_exception
__current_exception_context
memcmp
api-ms-win-crt-runtime-l1-1-0
_errno
__sys_nerr
_beginthreadex
_register_onexit_function
_crt_atexit
_initialize_onexit_table
_set_app_type
terminate
__sys_errlist
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_configure_wide_argv
exit
_cexit
__p___wargv
__p___argc
_initialize_wide_environment
_exit
_initterm_e
_initterm
_get_initial_wide_environment
api-ms-win-crt-stdio-l1-1-0
__p__commode
__stdio_common_vfprintf
__acrt_iob_func
_fseeki64
_lseeki64
_close
getchar
_wfopen
_wopen
fflush
__stdio_common_vsprintf
fputc
__stdio_common_vsscanf
ftell
feof
__stdio_common_vswprintf
fputs
fclose
fseek
fwrite
fread
_fileno
_write
_read
_set_fmode
fgets
api-ms-win-crt-heap-l1-1-0
free
calloc
realloc
_set_new_mode
malloc
api-ms-win-crt-string-l1-1-0
strncmp
wcspbrk
strcspn
_wcsdup
_strdup
strspn
wcsncpy
strpbrk
wcsncmp
strcmp
api-ms-win-crt-convert-l1-1-0
strtoll
strtoul
wcstombs
atoi
strtol
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-time-l1-1-0
strftime
_time64
_gmtime64
api-ms-win-crt-filesystem-l1-1-0
_fstat64
_wstat64
_unlink
_waccess
api-ms-win-crt-math-l1-1-0
__setusermatherr
_fdopen
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
advapi32
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptAcquireContextW
CryptHashData
CryptCreateHash
Sections
.text Size: 390KB - Virtual size: 390KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ