516858dead89077250b490476c7154e7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

516858dead89077250b490476c7154e7
Size

820KB
MD5

516858dead89077250b490476c7154e7
SHA1

30a0d51966a1bc3067cdbc9f5bb8024d4f7773a5
SHA256

13e611ad827e0be48596bcc309a0f4ae488c3f14566521993496069ec050cfb7
SHA512

9fe70e74ac99be8dc7ac08bd4d2edbaced3fab83daec6936f7df0abf4109e58a1099b5d58628d02df9c856587df1d7693ac1bc9efaf1e6293f1b7f53fae43a8c
SSDEEP

12288:S7s6RMKf7Vnza/WBCy8Coea97QESr/JMYixo4NOG1QA+Amm4BiM7OosW6DZHZeRk:S71RMKpza/WX8vedr/JMlNyBiM6uYp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
516858dead89077250b490476c7154e7

Files

516858dead89077250b490476c7154e7
.exe windows:4 windows x86 arch:x86

8197a7731d64ec26d1b44c9127d28f51

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
VirtualAlloc
GetEnvironmentVariableW
FindVolumeClose
GetCommandLineA
GetExitCodeProcess
WriteFile
CloseHandle
GetStdHandle
GetPrivateProfileIntW
LocalFree
InterlockedExchange
lstrlenA
GlobalSize
ResetEvent
GetModuleHandleW
ResumeThread
GetACP
CreateEventA
GlobalFree

advapi32

RegDeleteKeyA
RegCreateKeyExW
RegQueryValueW
CreateServiceA
RegEnumKeyW
ClearEventLogA
CloseEventLog
IsValidSid
ControlService
IsValidAcl
IsTextUnicode
RegDeleteValueA
RegCloseKey

admparse

ResetAdmDirtyFlag
ResetAdmDirtyFlag
ResetAdmDirtyFlag
AdmClose
ResetAdmDirtyFlag

appwiz.cpl

ConfigStartMenu

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 810KB - Virtual size: 810KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ