7bde854f2114e4970add1f57a2c52696 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7bde854f2114e4970add1f57a2c52696
Size

820KB
MD5

7bde854f2114e4970add1f57a2c52696
SHA1

e5f0b70e8506bb3ff1a136b009611d0637064e22
SHA256

7fad9056790351b1b8ffa1628ef60ef82d5bab8c67a5657dd5328026f24f7c2b
SHA512

745bd94ebf320b58e148000486cf8cd67ab99174777e09c30a8ee27dd550ee744e5c44eda637b3f96c47415b1cd1c00cc2cdaf6ed14e5ca62977cc4865151a4c
SSDEEP

24576:iuiWRMPmr8HI+l7eRdOUI4YZHkldhZlnVcKH/nK:iuiWRMOrojSMUI4QklznVcK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7bde854f2114e4970add1f57a2c52696

Files

7bde854f2114e4970add1f57a2c52696
.exe windows:4 windows x86 arch:x86

14dafce8369c120e33e965f8518111fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
GlobalSize
GetPrivateProfileIntW
GetStdHandle
VirtualAlloc
InterlockedExchange
GetModuleHandleW
lstrlenA
CloseHandle
GetACP
GetCommandLineA
GetExitCodeProcess
GetEnvironmentVariableW
GlobalFree
WriteFile
CreateEventA
ResetEvent
LocalFree
CreateMutexA
FindVolumeClose

advapi32

ClearEventLogA
RegDeleteValueA
CloseEventLog
RegCloseKey
RegEnumKeyW
IsTextUnicode
ControlService
CreateServiceA
RegCreateKeyExW
IsValidSid
IsValidAcl
RegQueryValueW
RegDeleteKeyA

admparse

ResetAdmDirtyFlag
AdmClose
ResetAdmDirtyFlag
ResetAdmDirtyFlag
ResetAdmDirtyFlag

appwiz.cpl

ConfigStartMenu

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 810KB - Virtual size: 810KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ