redosdru | c28770a88ad997d80ca6f461893cd6f032f614a43c449f21e73df15e8a843105

General

Target

c28770a88ad997d80ca6f461893cd6f032f614a43c449f21e73df15e8a843105
Size

60KB
MD5

90d83bbad8110780e90b8f0beab172f9
SHA1

0ced0e716b07945787bf78ae6296a5f24bfdbe59
SHA256

c28770a88ad997d80ca6f461893cd6f032f614a43c449f21e73df15e8a843105
SHA512

92d4a6697644925176852c2b43bf297b16afadc2a993c135b5aa9df3c74a280bfb7cde883c6bf5c8b06202ff55168997dcf89ef2e791a3aeaca3cb09b6ac7707
SSDEEP

768:3e1iZNbQAKrWGOkGQeN70ZqL378KBBmbUt4i:36iZNer5GQvkUath

Score

10^/10

redosdru

Malware Config

Extracted

Family

redosdru

C2

http://xiazai.caobibibi.com:7744/8.77.dll

Signatures

Redosdru family
redosdru

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c28770a88ad997d80ca6f461893cd6f032f614a43c449f21e73df15e8a843105

Files

c28770a88ad997d80ca6f461893cd6f032f614a43c449f21e73df15e8a843105
.exe windows:4 windows x86 arch:x86

45faf44fe201670daca333d176faea38

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

MakeSureDirectoryPathExists

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

kernel32

ExitProcess
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetConsoleCtrlHandler
HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
CloseHandle
WriteFile
CreateFileA
ReadFile
GetFileSize
SetFilePointer
Sleep
HeapReAlloc
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
IsBadWritePtr
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetLastError

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

45faf44fe201670daca333d176faea38

Headers

File Characteristics

Imports

imagehlp

wininet

kernel32

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 12KB - Virtual size: 11KB

.idata Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 12KB - Virtual size: 11KB

.idata
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB