071ba1e52a3c06ae61273a4ebabd3061 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

071ba1e52a3c06ae61273a4ebabd3061
Size

26KB
MD5

071ba1e52a3c06ae61273a4ebabd3061
SHA1

1014c59c436e16c515b96ed5b795110f2b253ce4
SHA256

f49cc1b39871b7c3a8077f28ee394fa03ac41d3fa253a3aa0eb67965ca903585
SHA512

cd4fdd3811f08936a506f62a7a1e0170f03f63bf504e0e4c3ed390165431b1f5bdb5ce883d1146a8bf6704c080ade0d196829ee15a4b10a31d6f5b08a74eca1e
SSDEEP

384:fqWYYmO/LwXB+SKEv3gm2cOmc/18yDgmsPXiUbh1QC4FWN:f84/ER+SKEvimevgmsPXiUTEW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
071ba1e52a3c06ae61273a4ebabd3061

Files

071ba1e52a3c06ae61273a4ebabd3061
.exe windows:4 windows x86 arch:x86

ece5093d4db92d6a2ffbadf4e328bcaa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
FindResourceA
GetProcAddress
LoadLibraryA
Sleep
GetModuleHandleA
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
Process32Next
Process32First
LockResource
GetLastError
DeviceIoControl
MoveFileA
GetWindowsDirectoryA
DeleteFileA
FreeLibrary
CopyFileA
lstrcatW
GetWindowsDirectoryW
GetVersionExA
GlobalFree
LoadLibraryExA
GlobalAlloc
GetSystemDirectoryA
CreateFileA
SizeofResource
WriteFile
CloseHandle
GetModuleFileNameA
FreeResource

advapi32

OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegCreateKeyA
ControlService

shell32

ShellExecuteA

msvcrt

exit
fclose
fprintf
fopen

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ