Static task: static1
Behavioral task: behavioral1
Sample: 2024-10-02_309aea6789f0c9860679b3adf4f4f9de_destroyer_kangaroo.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2024-10-02_309aea6789f0c9860679b3adf4f4f9de_destroyer_kangaroo.exe
Resource: win10v2004-20240802-en
General
Target: 2024-10-02_309aea6789f0c9860679b3adf4f4f9de_destroyer_kangaroo
Size: 20KB
MD5: 309aea6789f0c9860679b3adf4f4f9de
SHA1: a3a82ef2988e8a21dcfa5244df8a4685c92329ee
SHA256: b01c56f35c8d89264916e0305bde69f60f5c434137a885021e55b6e3e0947910
SHA512: caf00c037bb3c2b9ac291ee126c6da48ddc7a96b56206c98dbf06e63a40fd0e8ddb9b8a30d658334fd64368e4a66028c154422c06321b5481da0078724cbc456
SSDEEP: 384:KX8Obeab6xAraECxkJ7PfXXqHbiqZZK09QmY1fTgT01p1MN/9bZKVJCrZWMMoWKd:K3lvaEcktUic5imoYC0ZlO4d
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: 2024-10-02_309aea6789f0c9860679b3adf4f4f9de_destroyer_kangaroo
Files
2024-10-02_309aea6789f0c9860679b3adf4f4f9de_destroyer_kangaroo.exe windows:5 windows x86 arch:x86
a2cd52cf31250cbc8e01c8c970423a4b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
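The header flags above are worth reading together: NX_COMPAT and NO_SEH are set, but DYNAMIC_BASE is not and IMAGE_FILE_RELOCS_STRIPPED is set, so the image loads at a fixed base and gets no ASLR. The script below is an added example, not part of the sandbox report or of the sample: it decodes the File Characteristics and DllCharacteristics bits from winnt.h, derives ASLR eligibility, and performs the same "Unsigned PE" check the report's signature does (an empty Authenticode certificate table in the security data directory). Because the sample itself is not available offline, it parses a constructed minimal PE32 header carrying the report's flag values (0x0103 and 0x8500, computed from the listed flag names); `build_pe` and `parse_headers` are demo names, not a real library API.

```python
import struct

# Bit values from winnt.h (subset)
FILE_CHARACTERISTICS = {0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE",
                        0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
DLL_CHARACTERISTICS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x0400: "NO_SEH",
                       0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table


def decode_flags(value, table):
    """Names of the known bits set in value, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_headers(pe):
    """File Characteristics, DllCharacteristics, ASLR eligibility and the
    'Unsigned PE' check (empty security directory) for a PE image in memory."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    file_hdr = e_lfanew + 4
    file_chars = struct.unpack_from("<H", pe, file_hdr + 18)[0]   # IMAGE_FILE_HEADER.Characteristics
    opt = file_hdr + 20                                           # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", pe, opt)[0]
    dll_chars = struct.unpack_from("<H", pe, opt + 70)[0]         # same offset in PE32 and PE32+
    dirs = opt + (96 if magic == 0x10B else 112)                  # start of the data directories
    _, sec_size = struct.unpack_from("<II", pe, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "file_characteristics": decode_flags(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
        # ASLR needs DYNAMIC_BASE plus a relocation table; RELOCS_STRIPPED pins the base
        "aslr": bool(dll_chars & 0x0040) and not (file_chars & 0x0001),
        "authenticode": sec_size != 0,
    }


def build_pe(file_chars, dll_chars, security_size):
    """Constructed minimal PE32: DOS header, PE signature, file header and an
    optional header with 16 data directories, no sections. Demo input only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    # Machine i386, 0 sections, SizeOfOptionalHeader 224, Characteristics
    file_hdr = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 224, file_chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<H", opt, 68, 2)                             # Subsystem: Windows GUI
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x4000 if security_size else 0, security_size)  # file offset, size
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    # The report's flags: Characteristics 0x0103 = RELOCS_STRIPPED|EXECUTABLE_IMAGE|32BIT_MACHINE,
    # DllCharacteristics 0x8500 = NX_COMPAT|NO_SEH|TERMINAL_SERVER_AWARE, no certificate table.
    info = parse_headers(build_pe(0x0103, 0x8500, 0))
    for key, value in info.items():
        print(f"{key}: {value}")
```

To run it against the real sample, replace the `build_pe(...)` call with the file's bytes; the security directory entry is a file offset rather than an RVA, which is why the code only tests its size.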
Imports
shlwapi
StrStrW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
advapi32
RegDeleteValueW
CryptHashData
CloseEventLog
RegSetValueExW
RegCloseKey
ClearEventLogW
CryptAcquireContextW
OpenEventLogW
CryptDeriveKey
CryptReleaseContext
RegDisableReflectionKey
CryptEncrypt
CryptCreateHash
RegOpenKeyExW
CryptDestroyKey
CryptDestroyHash
wtsapi32
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW
WTSLogoffSession
WTSDisconnectSession
mpr
WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum
kernel32
GetCurrentThreadId
GetModuleFileNameW
ExpandEnvironmentStringsW
CreateThread
GetVolumeInformationW
SetFileAttributesW
GetCurrentProcessId
DeleteFileW
GetFileTime
CreateToolhelp32Snapshot
FindNextFileW
UpdateResourceW
GetSystemDefaultLangID
ExitProcess
GetFileSize
CreateMutexW
FindFirstFileW
SetFilePointer
FreeResource
lstrlenA
GetDriveTypeW
SetEndOfFile
FindResourceW
LoadResource
CreateProcessW
EndUpdateResourceW
GetLogicalDriveStringsW
GlobalLock
WaitForSingleObject
GetModuleHandleW
GetTickCount
VirtualFree
SetFileTime
WriteFile
OpenProcess
GlobalAlloc
TerminateThread
Sleep
CopyFileW
SizeofResource
GetFileAttributesW
TerminateProcess
ReadFile
lstrcatW
CreateFileW
ExitThread
lstrcmpW
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetLastError
GetProcAddress
VirtualAlloc
BeginUpdateResourceW
MoveFileW
GetSystemDefaultLocaleName
GlobalFree
FindClose
Process32FirstW
ProcessIdToSessionId
LockResource
WaitForMultipleObjects
Process32NextW
WTSGetActiveConsoleSessionId
lstrcmpiW
CloseHandle
user32
CloseClipboard
GetMessageW
PostQuitMessage
LoadCursorW
DispatchMessageW
DefWindowProcW
SetWindowTextW
SetClipboardData
UpdateWindow
GetSystemMetrics
MessageBoxW
OpenClipboard
CreateWindowExW
ShowWindow
EmptyClipboard
ReleaseDC
GetWindowTextW
GetWindowLongW
LoadIconW
RegisterClassExW
TranslateMessage
GetDC
wsprintfW
gdi32
CreateSolidBrush
GetDeviceCaps
shell32
CommandLineToArgvW
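The import table above is the most informative part of this static report: CryptoAPI key derivation and encryption, drive and file enumeration, network share enumeration, event log clearing, session logoff, process termination, file timestamp writes and PE resource rewriting are all present in a 20KB unsigned binary. The script below is an added example, not part of the sandbox report: `REPORT_IMPORTS` is the import list copied from the report, while `CAPABILITIES` is a hypothetical analyst mapping from API sets to coarse capabilities. A capability is claimed only when every API in its set is imported, so it also shows what is not there (for instance the classic remote-thread injection trio), which is what keeps this kind of triage honest.

```python
# Import table copied from the report above, keyed by DLL.
REPORT_IMPORTS = {
    "shlwapi": "StrStrW",
    "version": "GetFileVersionInfoW VerQueryValueW GetFileVersionInfoSizeW",
    "advapi32": "RegDeleteValueW CryptHashData CloseEventLog RegSetValueExW RegCloseKey ClearEventLogW "
                "CryptAcquireContextW OpenEventLogW CryptDeriveKey CryptReleaseContext RegDisableReflectionKey CryptEncrypt "
                "CryptCreateHash RegOpenKeyExW CryptDestroyKey CryptDestroyHash",
    "wtsapi32": "WTSEnumerateSessionsW WTSFreeMemory WTSQuerySessionInformationW WTSLogoffSession WTSDisconnectSession",
    "mpr": "WNetEnumResourceW WNetOpenEnumW WNetCloseEnum",
    "kernel32": "GetCurrentThreadId GetModuleFileNameW ExpandEnvironmentStringsW CreateThread GetVolumeInformationW SetFileAttributesW "
                "GetCurrentProcessId DeleteFileW GetFileTime CreateToolhelp32Snapshot FindNextFileW UpdateResourceW "
                "GetSystemDefaultLangID ExitProcess GetFileSize CreateMutexW FindFirstFileW SetFilePointer "
                "FreeResource lstrlenA GetDriveTypeW SetEndOfFile FindResourceW LoadResource "
                "CreateProcessW EndUpdateResourceW GetLogicalDriveStringsW GlobalLock WaitForSingleObject GetModuleHandleW "
                "GetTickCount VirtualFree SetFileTime WriteFile OpenProcess GlobalAlloc "
                "TerminateThread Sleep CopyFileW SizeofResource GetFileAttributesW TerminateProcess "
                "ReadFile lstrcatW CreateFileW ExitThread lstrcmpW MultiByteToWideChar "
                "lstrlenW GlobalUnlock GetLastError GetProcAddress VirtualAlloc BeginUpdateResourceW "
                "MoveFileW GetSystemDefaultLocaleName GlobalFree FindClose Process32FirstW ProcessIdToSessionId "
                "LockResource WaitForMultipleObjects Process32NextW WTSGetActiveConsoleSessionId lstrcmpiW CloseHandle",
    "user32": "CloseClipboard GetMessageW PostQuitMessage LoadCursorW DispatchMessageW DefWindowProcW "
              "SetWindowTextW SetClipboardData UpdateWindow GetSystemMetrics MessageBoxW OpenClipboard "
              "CreateWindowExW ShowWindow EmptyClipboard ReleaseDC GetWindowTextW GetWindowLongW "
              "LoadIconW RegisterClassExW TranslateMessage GetDC wsprintfW",
    "gdi32": "CreateSolidBrush GetDeviceCaps",
    "shell32": "CommandLineToArgvW",
}
ALL_IMPORTS = {name for names in REPORT_IMPORTS.values() for name in names.split()}

# Hypothetical analyst mapping (not from the report): every API in a set must be imported.
CAPABILITIES = {
    "CryptoAPI encryption, key derived from a hash":
        {"CryptAcquireContextW", "CryptCreateHash", "CryptHashData", "CryptDeriveKey", "CryptEncrypt"},
    "drive and file enumeration":
        {"GetLogicalDriveStringsW", "GetDriveTypeW", "FindFirstFileW", "FindNextFileW"},
    "network share enumeration": {"WNetOpenEnumW", "WNetEnumResourceW"},
    "event log clearing": {"OpenEventLogW", "ClearEventLogW"},
    "session enumeration and logoff": {"WTSEnumerateSessionsW", "WTSLogoffSession"},
    "process enumeration and termination":
        {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "OpenProcess", "TerminateProcess"},
    "PE resource rewriting": {"BeginUpdateResourceW", "UpdateResourceW", "EndUpdateResourceW"},
    "registry value writes": {"RegOpenKeyExW", "RegSetValueExW"},
    "file timestamp manipulation (timestomping)": {"GetFileTime", "SetFileTime"},
    "runtime API resolution from a loaded module": {"GetModuleHandleW", "GetProcAddress"},
    "single-instance mutex": {"CreateMutexW"},
    # Deliberately included to show an unmet set: none of these three are imported here.
    "process injection": {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
}


def capabilities(imports):
    """Capability names whose full API set is present in the import table."""
    return sorted(cap for cap, apis in CAPABILITIES.items() if apis <= imports)


def missing_for(cap, imports):
    """APIs a capability would additionally need; empty when the set is satisfied."""
    return sorted(CAPABILITIES[cap] - imports)


def triage(imports_by_dll):
    """Summary of a report-style import table: counts, met and unmet capabilities."""
    imports = {name for names in imports_by_dll.values() for name in names.split()}
    met = capabilities(imports)
    return {
        "dlls": len(imports_by_dll),
        "imports": len(imports),
        "capabilities": met,
        "unmet": {cap: missing_for(cap, imports) for cap in CAPABILITIES if cap not in met},
    }


if __name__ == "__main__":
    summary = triage(REPORT_IMPORTS)
    print(f"{summary['dlls']} DLLs, {summary['imports']} imports")
    for cap in summary["capabilities"]:
        print("  +", cap)
    for cap, missing in summary["unmet"].items():
        print("  -", cap, "(missing:", ", ".join(missing) + ")")
```

Import-based triage only says what the binary can call statically; it says nothing about control flow, and `GetProcAddress` means further APIs may be resolved at runtime. Treat the output as a list of things to confirm in the behavioural runs, not as a verdict.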
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ