1f4f229eb9913c30e9288269db875bd7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f4f229eb9913c30e9288269db875bd7
Size

67KB
MD5

1f4f229eb9913c30e9288269db875bd7
SHA1

e869256b288f7d7f3754f9a45bf2cfebe8781096
SHA256

3b405d2e26ad75c408159f1afc2be8cdbfa47f22449c0d3c988c1e70f3faa307
SHA512

554724b94c1edc2d81cd1531cd685abd8554f794ab3b7092d0295b28c377a3bcff852fbfd2863f09f50fcb99d160113dbfae3c96c8df9af0f05306172753aba6
SSDEEP

1536:3EhH7LHc17bmsCJMpZYTmuF8Sh8FjgUxtcv+Hivm8QRnTdpbyiUfi:0hHvcQsCJ/TmGf4xtc2HivfQRnTPb3UK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f4f229eb9913c30e9288269db875bd7

Files

1f4f229eb9913c30e9288269db875bd7
.exe windows:4 windows x86 arch:x86

df0d80e95038b30443e83b6ded97407f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrChrA
StrStrA
StrToIntA

user32

PostThreadMessageA
wsprintfA

advapi32

DeleteService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
ControlService

ole32

CoCreateGuid

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
exit
_XcptFilter
_exit
_EH_prolog
__CxxFrameHandler
time
srand
rand
memcpy
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
_acmdln

kernel32

SetFilePointer
GetModuleFileNameA
DeleteFileA
GetModuleHandleA
GetStartupInfoA
ReadFile
CreateMutexA
GetLastError
GetFileAttributesExA
ReleaseMutex
lstrcpyA
lstrlenA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
WriteFile
GetSystemDirectoryA
lstrcatA
WaitForSingleObject
CloseHandle
GetFileTime
SetFileTime

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE