General
-
Target
winserv
-
Size
2.7MB
-
Sample
201203-vhn6pa2qge
-
MD5
cf2ab077a46219b6ce4a53517dd489ea
-
SHA1
651b8d1377910e4728e85dcd231e269313ab9e1d
-
SHA256
609b0a416f9b16a6df9b967dc32cd739402af31566e019a8fb8abdf3cb573e30
-
SHA512
53fb1ac822467168ea8e7abdd72c78cdd90070b10773ce8c700c6784ab4cc3a03eb53887d158ce3a27779a5fbcf3300d2ccbedab79a34bfd42ddc91f68dbdad7
Score
10/10
Malware Config
Targets
-
-
Target
winserv
-
Size
2.7MB
-
MD5
cf2ab077a46219b6ce4a53517dd489ea
-
SHA1
651b8d1377910e4728e85dcd231e269313ab9e1d
-
SHA256
609b0a416f9b16a6df9b967dc32cd739402af31566e019a8fb8abdf3cb573e30
-
SHA512
53fb1ac822467168ea8e7abdd72c78cdd90070b10773ce8c700c6784ab4cc3a03eb53887d158ce3a27779a5fbcf3300d2ccbedab79a34bfd42ddc91f68dbdad7
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-