metsvc[.]exe | Triage

General

Target

metsvc.exe
Size

60KB
MD5

a6cc05a6f1f5361d24480e4f65a8e376
SHA1

7232bd42cd9d0725e7e0220052f4734fec91be7a
SHA256

fc512a7264fa6a546ab1f503c8bd8f11787ed23d05f3783a76d932b1722f8d70
SHA512

0281d073a62105d1bb1286429fc29f18bb00268ab8e0b65a350528539145af6ce109b8eb833e46a34577bd69b89caa124d42d2691855558deb7cf1ce64c6496e
SSDEEP

768:5+WkjISxTk+kQ6aivVMbrqUKh7Xv8dNm57UkaLZdc55y+H/qh8tR:0HUJ1Qj3C37XkLmpUkaHcdvt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
metsvc.exe

Files

metsvc.exe
.exe windows:4 windows x86

5c61c92a1e14a32ee3d302ac388b7aac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
socket
WSAGetLastError
htons
bind
listen
accept
inet_ntoa
closesocket

advapi32

SetServiceStatus
StartServiceCtrlDispatcherA
OpenServiceA
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceA
RegisterServiceCtrlHandlerA

kernel32

CreateFileA
CloseHandle
TlsFree
CreateProcessA
GetLastError
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleA
ExitProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
Sleep
TlsGetValue
TlsAlloc
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
LoadLibraryA
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetStdHandle
RtlUnwind
HeapReAlloc
VirtualAlloc
HeapSize
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5c61c92a1e14a32ee3d302ac388b7aac

Headers

File Characteristics

Imports

ws2_32

advapi32

kernel32

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 10KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 10KB