Static task: static1
Behavioral task: behavioral1
Sample: EzDaZz.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: EzDaZz.exe
Resource: win10v2004-20240709-en
General
Target: EzDaZz.exe
Size: 17KB
MD5: b7f2990fb12930a53d8f8f4216916a3d
SHA1: 507ef0bf2454cd4c72ea8eb15de898a73ed11bc2
SHA256: 64f926baf52d4a89444c0d32f3ad5bc484859fbf210b7a7ec014097109a6360c
SHA512: 2eac7ac38615eeb5959ffc30c51d4c93e8df9152031f180ec6c858e93bf611b836b89b8d7b0622e019a224baa1be953aae101b8aafe0cd31a45eb8783ef04563
SSDEEP: 384:8ndPwvAJJ0A5iWGT0aHYzyJE+q3QQ4B/W9xygx:sBwIJJv5tjaHYlZQQ4Be9xy
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource EzDaZz.exe
Files
EzDaZz.exe.exe windows:5 windows x86 arch:x86
feb9bebf646137f4ff73e503cbcb6361
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetSystemDirectoryA
CloseHandle
CreateFileA
SetFilePointerEx
ExitProcess
IsProcessorFeaturePresent
GetModuleHandleA
SetFilePointer
DeviceIoControl
WriteFile
GetCurrentProcess
GetProcAddress
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
advapi32
CryptAcquireContextA
CryptGenRandom
LookupPrivilegeValueA
OpenProcessToken
CryptReleaseContext
AdjustTokenPrivileges
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ