Static task
static1
General
-
Target
DDNet-Server.exe
-
Size
2.5MB
-
MD5
e9fed2ac06696f221f516fe1821c098e
-
SHA1
cd27ff61bff705868a8fb1835d808d5884f6f2e7
-
SHA256
4cec50215eef03448b6acbc220e2e5e2218fb53f5d4903df340ff2efbab945ce
-
SHA512
6c709193a8a3960d7ea2902dc6bf00f10c8ff5516ee0c54b690fb74b2d9617be5a0c8938ec68d9384e0dcf612c6c1512e23b090c205714bd535fec0570b3014f
-
SSDEEP
49152:ZxfohdbL2VRAkiyNFhdhh6lb18G5PVDoJzloMOQyMZo:ZxGQFhdhhQqJZoMgM6
Malware Config
Signatures
-
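Unsigned PE (1 IoC)
The file carries no Authenticode signature. This is a static property of the PE and does not by itself indicate malicious behavior, since unsigned builds are common. Without a signature the publisher cannot be verified from the file, so compare the SHA256 above against a known-good release hash before trusting it.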
resource DDNet-Server.exe
Files
-
DDNet-Server.exe.exe windows:4 windows x64 arch:x64
61ff3cb7f61b92bd96a2cb2dbb5f5c15
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
libcurl
curl_easy_cleanup
curl_easy_escape
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_free
curl_global_init
curl_share_init
curl_share_setopt
curl_slist_append
curl_slist_free_all
curl_version_info
sqlite3
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_text
sqlite3_busy_timeout
sqlite3_changes
sqlite3_close
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_text
sqlite3_column_type
sqlite3_errmsg
sqlite3_exec
sqlite3_expanded_sql
sqlite3_finalize
sqlite3_free
sqlite3_libversion
sqlite3_libversion_number
sqlite3_open
sqlite3_prepare_v2
sqlite3_step
advapi32
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteTreeW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
SystemFunction036
bcrypt
BCryptGenRandom
kernel32
AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AttachConsole
CancelIo
CloseHandle
CompareStringOrdinal
ConnectNamedPipe
CopyFileExW
CreateDirectoryW
CreateEventW
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateSemaphoreW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetUserDefaultLocaleName
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReadFileEx
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
RtlUnwindEx
RtlVirtualUnwind
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEnvironmentVariableW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetHandleInformation
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteFileEx
__C_specific_handler
msvcrt
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fdopen
_fileno
_fmode
_fpreset
_get_osfhandle
_getpid
_initterm
_localtime64
_lseeki64
_onexit
_open_osfhandle
_stricmp
_strnicmp
_time64
_vsprintf_p
_wgetenv
_wopen
abort
bsearch
calloc
exit
fclose
ferror
fflush
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
islower
isspace
isupper
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
rand
realloc
signal
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strrchr
strspn
strtol
strtoul
tolower
ungetc
vfprintf
wcscmp
wcslen
wcstombs
_write
_read
_open
_close
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
ole32
CoInitializeEx
CoUninitialize
libwinpthread-1
clock_gettime
nanosleep
pthread_cond_broadcast
pthread_cond_wait
pthread_create
pthread_detach
pthread_getspecific
pthread_join
pthread_key_create
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
pthread_num_processors_np
pthread_once
pthread_self
pthread_setspecific
shell32
CommandLineToArgvW
SHChangeNotify
ShellExecuteExW
shlwapi
PathIsRelativeW
libssp-0
__stack_chk_fail
__stack_chk_guard
user32
ShowWindow
userenv
GetUserProfileDirectoryW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
ws2_32
WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSARecv
WSASend
WSASocketW
WSAStartup
WSAStringToAddressA
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
htons
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 507KB - Virtual size: 507KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 602KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 57B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ