28fec6969970867778e1f24442fcc5ca | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28fec6969970867778e1f24442fcc5ca
Size

20KB
MD5

28fec6969970867778e1f24442fcc5ca
SHA1

82a468f977738a71aeab05b14dde92d64569d20a
SHA256

e049f698b9bead2a137d6b156c8964e073c0a966e3d0069e1c08087d832a3d67
SHA512

de80b0ef92d876cc557a61af2988a613ad953fe22238be50290575068b770378a0edc9f1201e01cb048cb420049507c19356760c0fc5a214b48f87efaaa18bc3
SSDEEP

96:sz3XkDhCUzH1HxjDvHEbHbAQuwO4dP1fSeO7cWGz4hvz56B3m6Uu:sz3XYz5H9vsfuwO4J133yL56B3m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28fec6969970867778e1f24442fcc5ca

Files

28fec6969970867778e1f24442fcc5ca
.dll windows:4 windows x86 arch:x86

7e0a91ec63062de26aa47267bcdee55a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA

msvcrt

malloc
_initterm
_onexit
__dllonexit
_mbsnbcpy
_mbsicmp
realloc
free
strncpy
wcstombs
_purecall
??2@YAPAXI@Z
_adjust_fdiv

kernel32

GetSystemDirectoryA
OutputDebugStringA
Sleep
SetEvent
WaitForSingleObject
CreateEventA
GetModuleFileNameA
HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
MapViewOfFile
CreateFileMappingA
CreateFileA
CloseHandle
UnmapViewOfFile
DeleteFileA
SetFileAttributesA
GetFileSizeEx
GetFileAttributesA

Exports

Exports

Install
ServiceMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ