Kwork[.]IM[.]Service[.]exe | Triage

Sharing

General

Target

Kwork.IM.Service.exe
Size

16KB
MD5

16a81cd2d76a4cbd36e655ec6548685e
SHA1

1c7e615fada431b2cefdca25fb9db66094eca852
SHA256

4c1ea3a840b2f560dd97be335e10ad3ed757c0fdfae38af2d7ce5992eefc1490
SHA512

487f337b68f2b135638cd7b23660ec25d85a4e344f5e6cf3f9b85098d1a668ba4cd8e98d1acb219edad1d0af4f37f30a236623f05286009d38f38de7417a0b69
SSDEEP

384:Gul/Gd+6VRKyGQGoIdVaL1F6W0Ma7U4iWs:GFdP0eK7bI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Kwork.IM.Service.exe

Files

Kwork.IM.Service.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ