570936904f7edaa7d114ce8dc0c45a73 | Triage

Sharing

General

Target

570936904f7edaa7d114ce8dc0c45a73
Size

820KB
MD5

570936904f7edaa7d114ce8dc0c45a73
SHA1

05d493505de32747829414dd2bb8eee5f0f4125e
SHA256

6dd13f9824602e7e4d285b0a23a3f9f14ea0e3ff33300dfa316e183d1e7e104e
SHA512

281e44289220c18b3f6d5c41f59f996c70e6b2a226a1335b0f881a77c7a1fb3badd5365ea101569de034ba845b01892f61001b2841c09b603d03d47d94553189
SSDEEP

12288:JDKxRMfskuYXg9KjIFpeLh1TLa+HjH6+NJ+XukhAbMWYKStR42HojcFRXdt1X:FoRMEkuMUpeF1T+o8XukhkMWHQvRN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
570936904f7edaa7d114ce8dc0c45a73

Files

570936904f7edaa7d114ce8dc0c45a73
.exe windows:4 windows x86 arch:x86

8d3358e67fc58b3ae041f6271953da75

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
GetEnvironmentVariableA
LoadLibraryW
lstrlenA
GetStdHandle
InterlockedExchange
GlobalFree
CloseHandle
FreeConsole
GetCommandLineW
CreateEventW
LocalSize
GetPrivateProfileIntA
CreateMutexW
GetSystemInfo
WriteFile
VirtualAllocEx
ReleaseMutex
LocalFree
SuspendThread

advapi32

InitializeSid
RegDeleteValueA
CloseEventLog
CreateServiceW
ClearEventLogW
ControlService
IsTextUnicode
IsValidSecurityDescriptor
RegCloseKey
RegEnumKeyA
RegQueryValueW
IsValidSid
RegCreateKeyExW
InitializeSid

fwcfg

InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 809KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ