2c386d9868b8b17051cdf6899c0229c4

General

Target

2c386d9868b8b17051cdf6899c0229c4
Size

14KB
MD5

2c386d9868b8b17051cdf6899c0229c4
SHA1

43d7bd32807311f5c0a4eb4425f0bbae72cd303d
SHA256

1aaa8ea9d4fe19e1cb38b0b2780d47daaf5899fda846b6dd5ac4ee4aff9ab0c6
SHA512

1feaadbd48de745a10046a647879714d64642527f914804fcb1e144a7ef1e3eb13dde1f458c8fed767d51b314296293bcd507bcc1397c9b5d2631fbfce870302
SSDEEP

192:D5eJ6idns4C8+6FZZ5rGVMEbyrHSWcGJQRaT2R2hyRhlwgLs1joPSPzkGUkkfnol:9eJ6QcyZ3EbJWc8hyR31qUSL8g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c386d9868b8b17051cdf6899c0229c4

Files

2c386d9868b8b17051cdf6899c0229c4
.dll windows:4 windows x86 arch:x86

ae0bf1aa0a82532e04ac0648fc656bde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
VirtualFreeEx
VirtualAllocEx
SetFileAttributesW
OpenProcess
GetModuleHandleW
WriteProcessMemory
CreateRemoteThread
RtlUnwind
IsDebuggerPresent
SetFileTime
SystemTimeToFileTime
CreateFileW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
Sleep
GetModuleFileNameW
CloseHandle
WaitForSingleObject
CreateThread
DeleteFileW
lstrcatW
lstrlenW
GetSystemDirectoryW
FreeConsole
lstrcpyW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetServiceStatus
ChangeServiceConfigW
OpenServiceW
CloseServiceHandle
RegCreateKeyW
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegisterServiceCtrlHandlerW

wininet

GetUrlCacheEntryInfoW

shlwapi

PathFileExistsW

Exports

Exports

Delete
First
InjectService
ServiceMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 918B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae0bf1aa0a82532e04ac0648fc656bde

Headers

File Characteristics

Imports

kernel32

advapi32

wininet

shlwapi

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 8B

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 1024B - Virtual size: 918B

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 8B

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 1024B - Virtual size: 918B