TROLDESH[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

TROLDESH.exe
Size

1004KB
MD5

5294b2851a648c51de94fa83b68bb0df
SHA1

09e38aad31ae8d15a59bceb3e07e7f8a4b58189c
SHA256

1dcf33ce009b879ce5d5197904151dc32112476f84e50f808bf55e8c9ea2130d
SHA512

87c4b6b73248e167bf55b8f5b892ab15f1c5546709d0e120f1f96efda6b9ffd058e1b0b685c1596022632f603c07505a6a0af5757c679e256b4564201e91d7b7
SSDEEP

12288:09MHwMVR8EyH4Aj6fRljL2NkKwb50UmqtLQgvgFgR8S83sX+2vuiq8mKU/5k7s:0qwwWHh6ZljGG5Zn9GsX/uib6S7s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TROLDESH.exe

Files

TROLDESH.exe
.exe windows:5 windows x86 arch:x86

59e89675b3ec33cc587fb258cff6c20a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
lstrlenA
GetModuleHandleA
GetProcessVersion
GetFirmwareEnvironmentVariableA
FindResourceA
DuplicateHandle
GetFileAttributesA
HeapSize
CreateFileW
ReadConsoleW
CloseHandle
ResetEvent
GetLastError
VirtualProtect
AddAtomA
GlobalAlloc
WriteConsoleW
SetStdHandle
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
FreeLibrary
LoadLibraryExW
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetProcessHeap
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile

user32

CreateWindowExA
AnimateWindow

gdi32

CloseFigure
SetWinMetaFileBits
StretchBlt
CreateCompatibleBitmap
EndPath

shell32

DragQueryPoint

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 830KB - Virtual size: 829KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59e89675b3ec33cc587fb258cff6c20a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Sections

.text Size: 113KB - Virtual size: 113KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 4KB - Virtual size: 8KB

.gfids Size: 512B - Virtual size: 392B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 830KB - Virtual size: 829KB

.text
Size: 113KB - Virtual size: 113KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 4KB - Virtual size: 8KB

.gfids
Size: 512B - Virtual size: 392B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 830KB - Virtual size: 829KB