Static task: static1
Behavioral task: behavioral1
Sample: 1538c411407b3b0c479f52b826661446.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 1538c411407b3b0c479f52b826661446.exe
Resource: win10v2004-20231215-en
General
Target: 1538c411407b3b0c479f52b826661446
Size: 45KB
MD5: 1538c411407b3b0c479f52b826661446
SHA1: 0984260d6958791e707602621094daf44af5b422
SHA256: a226fdf8b7c28e4a14f01d4324b2e77a4a3e8a985c31f6a5280ffa2b0e5ee9b5
SHA512: 934c2ea189f2dd56c3a368279690559144950cf8480353f0a047a44d4ebf568c0b32b46885ce0874053765c462a3e55dfb17bd875c0a37c25e21e19471c0f552
SSDEEP: 768:gKXNvck6lvSxbRVZVazmkks6pyClTxMEaqJLPiSRM:gKd0l63hImxs6oSTx3asOSm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1538c411407b3b0c479f52b826661446
Files
1538c411407b3b0c479f52b826661446.exe windows:5 windows x86 arch:x86
1449c997bbeb6c68a175a905f45c43c3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFilePointer
MoveFileExA
WaitForSingleObject
GetTickCount
WriteFile
Sleep
ReadFile
CreateFileA
EnterCriticalSection
SetFileAttributesA
GetTempFileNameA
OpenMutexA
GetModuleFileNameA
CreateMutexA
CloseHandle
DeleteFileA
GetSystemDirectoryA
ExitProcess
user32
LoadCursorA
SetSystemCursor
CopyIcon
advapi32
CreateServiceA
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 708B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 266B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ