ODAy[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ODAy.exe
Size

672.1MB
MD5

768f30facba56f92c446dc69dac3a738
SHA1

e89a3a5f535a410a9434a6062e20dcccc3217663
SHA256

f87e61b9ea501b636a807a691f36261ad24c4aa2d9ea8d9ed95a281874fb464a
SHA512

324a7430cc6f6d9d1c216fa2e78ea9530b23b3d984ccfb6a5659ede9744e31fdc2d2a9992f44db85186d4417db780e9b67a653f6ae6e6273782bc863e6ef132c
SSDEEP

12582912:jiwUN+s0BHADQyy2gxiVU4bA3D9EcXJv8/58AiLxDgiiaAlxT9V:jRs4Hb3xSU2qeK8R8Ai9kdTtP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ODAy.exe

Files

ODAy.exe
.exe windows:6 windows x86 arch:x86

d0264e200554ef617c521261fe8fe2a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lua51

lua_gettop
luaJIT_version_2_1_0_beta3
luaL_openlibs
luaL_traceback
luaL_newstate
luaL_loadbuffer
luaL_loadfile
luaL_where
luaL_callmeta
lua_sethook
lua_concat
lua_error
lua_gc
lua_cpcall
lua_pcall
lua_call
lua_rawseti
lua_setfield
lua_createtable
lua_rawgeti
lua_getfield
lua_gettable
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushstring
lua_pushlstring
lua_pushnil
lua_objlen
lua_tolstring
lua_toboolean
lua_type
lua_isstring
lua_insert
lua_remove
lua_pushvalue
lua_settop
lua_close

kernel32

TlsAlloc
DecodePointer
ReadConsoleW
ReadFile
WriteConsoleW
CreateFileW
CloseHandle
HeapReAlloc
HeapSize
SetFilePointerEx
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
LCMapStringW
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
SetConsoleCtrlHandler
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0264e200554ef617c521261fe8fe2a4

Headers

DLL Characteristics

File Characteristics

Imports

lua51

kernel32

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB