ddd82e57db46197efb598ba644dac17a4a861b420686068d9a288a631cbea9c3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ddd82e57db46197efb598ba644dac17a4a861b420686068d9a288a631cbea9c3
Size

756KB
MD5

96624170e3906e5708557e2d45390c53
SHA1

63b0d2325eec2e49560f6123c7edd66f0918a6b5
SHA256

ddd82e57db46197efb598ba644dac17a4a861b420686068d9a288a631cbea9c3
SHA512

23dcafa97fc9c14a1df2fad911822b954e6751c3028cd65d35dd4ea6c1781422769b2d7291ebe1020fed89245f7d21eb3dc2a621c61938efc2d4153af718f2eb
SSDEEP

12288:xaSelsF42LARirbmHLE+WlF8lCbV6gGhtUb+jmBfOqCSysb6V92:xaSeaF88rbmHLYlLVmtUtBfOqhb+

Score

10^/10

Malware Config

Signatures

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ddd82e57db46197efb598ba644dac17a4a861b420686068d9a288a631cbea9c3

Files

ddd82e57db46197efb598ba644dac17a4a861b420686068d9a288a631cbea9c3
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\20kae\OneDrive\Documents\Visual Studio 2022\Projects\MCParodyLauncherUpdater\MCParodyLauncherUpdater\obj\Release\updater.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 753KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ