EndlessDungeonCHS[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

EndlessDungeonCHS.exe
Size

7KB
MD5

22cb972127e64655eac4c8b80a5ea6b6
SHA1

d0c49d1cb83e953996e39c80c8598a97c54e19ab
SHA256

41ebc13ddf425ff0410bda2091beffd351dd2ef5b5fb4cb38be18c1a3070c326
SHA512

c0705ead697c944e15d74c682d3ec208142d08493419861290a07ab837145158d19105e8ea289b0b93a907bdd3db8efc4d45e6ca6704906cfed3f16fa92eef97
SSDEEP

96:3JxUS7qW9jQcurEHMqeoEGjxn5p9DSWDzw3FCHK+xu8zpBV2pXmwu/:3Jfq81ufqelGjxn53838Zx72pXmwu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EndlessDungeonCHS.exe

Files

EndlessDungeonCHS.exe
.exe windows:6 windows x86 arch:x86

d75404992b0157b9a9169fac5651df12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxW

ntdll

NtSetContextThread
NtTerminateProcess
RtlInitAnsiString
NtWriteVirtualMemory
LdrGetProcedureAddress
RtlUnlockHeap
RtlEqualUnicodeString
RtlLockHeap
LdrUnlockLoaderLock
NtReadVirtualMemory
NtDelayExecution
RtlReleasePebLock
NtFlushInstructionCache
RtlSetCurrentDirectory_U
NtGetContextThread
LdrLockLoaderLock
LdrShutdownProcess
NtAllocateVirtualMemory
RtlAcquirePebLock
NtFreeVirtualMemory
RtlGetCurrentDirectory_U
RtlInitUnicodeString
NtResumeThread

Sections

.Xmoe
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ