Static task: static1
Behavioral task: behavioral1
Sample: ServiceContract.exe
Resource: win10v2004-20230703-en
General
Target: ServiceContract.exe.7z
Size: 205KB
MD5: fcaa294a7f9a0487c31350e7da70d0cd
SHA1: 79e2257820ce5cdd28dd761e55e631d8ff2f714a
SHA256: f8d7acf0b6864998c0f20f1c3940fdf4ad7f2590c57647df3b8e2a4baf2cc5bb
SHA512: 50c1738681d3e2ff3d26913e18b2b4de7bc05ce779c0262e32e885da461dd0e644861170d647278239ec175846993b32cc9d1b2018845d6d336ba5ee9ca8a796
SSDEEP: 6144:3UqgK1Ajks8Fhdpl9dH0h6vfAZcT4bL+gZ5dcM+24:gK108FX9dH0hYfxT4egZrcM+v
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/ServiceContract.exe
Files
ServiceContract.exe.7z.7z
Password: infected
ServiceContract.exe.exe windows x86
Password: infected
22e81e700be1d74ffedbe192e3dbbb2a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord17
kernel32
LCMapStringW
LCMapStringA
LocalFree
lstrlenW
lstrcpynW
lstrcpyW
GetStringTypeW
GetStringTypeA
WideCharToMultiByte
GetLocaleInfoA
HeapSize
IsValidCodePage
GetOEMCP
MultiByteToWideChar
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
RaiseException
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
user32
MessageBoxW
LoadStringW
GetWindowTextW
advapi32
CryptDestroyHash
CryptAcquireContextW
CryptHashData
CryptGetHashParam
CryptCreateHash
CryptReleaseContext
ole32
CoInitializeEx
CoUninitialize
oleaut32
SysAllocString
SafeArrayPutElement
SafeArrayUnaccessData
VariantInit
SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
VariantClear
mscoree
CorBindToRuntimeEx
Sections
.text Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 226KB - Virtual size: 231KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ