449516326cc9e18403d9726ff4016759 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

449516326cc9e18403d9726ff4016759
Size

27KB
MD5

449516326cc9e18403d9726ff4016759
SHA1

affeede1f42e9b529faaa3236052c4226f61b6c0
SHA256

d51f92dcc685d07d716e88560b60a5796a18272e4b56bfe9a2eaa8451372446d
SHA512

1fd10cbd19f84e77558cc0fb5bf02207d7cd602b41233f18c32623cc23dbd45f1f2a915736666ddb860d8ea6d926e0767313d297029530399f855e59fc5ea8ba
SSDEEP

384:mqwYYmO7LwXB+SKYrm4M/u8Bbe8Pv3TVMZiUbhTPjmjND:mi47ER+SKYrm41CXxMZiUxPjAN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
449516326cc9e18403d9726ff4016759

Files

449516326cc9e18403d9726ff4016759
.exe windows:4 windows x86 arch:x86

ece5093d4db92d6a2ffbadf4e328bcaa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
FindResourceA
GetProcAddress
LoadLibraryA
Sleep
GetModuleHandleA
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
Process32Next
Process32First
LockResource
GetLastError
DeviceIoControl
MoveFileA
GetWindowsDirectoryA
DeleteFileA
FreeLibrary
CopyFileA
lstrcatW
GetWindowsDirectoryW
GetVersionExA
GlobalFree
LoadLibraryExA
GlobalAlloc
GetSystemDirectoryA
CreateFileA
SizeofResource
WriteFile
CloseHandle
GetModuleFileNameA
FreeResource

advapi32

OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegCreateKeyA
ControlService

shell32

ShellExecuteA

msvcrt

exit
fclose
fprintf
fopen

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ