1bee20e3d3946b10b66de1bb966b323d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1bee20e3d3946b10b66de1bb966b323d
Size

27KB
MD5

1bee20e3d3946b10b66de1bb966b323d
SHA1

590914a42c4d871ab393e3b097a0129552b82095
SHA256

26142e6b16103539d9df90195c62b27eb1e460f13825c774a732bb7106df9bba
SHA512

636520f72d22fb28169c4550535b0b88831e35af3a8a52d4bf1994587f7416f7276ad7aaf227ab615000fcf8679a172583f234031821eb1804b8e257904a48e5
SSDEEP

384:tOCV8O7Xiw8iXKQlPjsbTbFSQ0u28JkldYNFDQx4uuomuZFE:taO7Xv8aKQ5gZylmNax4jfuZF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bee20e3d3946b10b66de1bb966b323d

Files

1bee20e3d3946b10b66de1bb966b323d
.exe windows:4 windows x86 arch:x86

c5134d763ab162a10c0da5b3a368c27e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
GetModuleFileNameA
GetModuleHandleA
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetProcAddress
WriteProcessMemory
VirtualAllocEx
OpenProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
TerminateProcess
LoadResource
CopyFileA
Sleep
GetLastError
DeviceIoControl
MoveFileA
GetWindowsDirectoryA
DeleteFileA
FreeLibrary
LoadLibraryA
lstrcatW
GetWindowsDirectoryW
GetVersionExA
GlobalFree
LoadLibraryExA
GlobalAlloc
LockResource
GetSystemDirectoryA
CreateFileA
SizeofResource
WriteFile
CloseHandle
GetCurrentProcess
FreeResource

advapi32

OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegCreateKeyA
RegSetValueExA
ControlService

shell32

ShellExecuteA

msvcrt

fopen
fclose
fprintf

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ