4244aa0589b4bbefb1455f78be6e57ec | Triage

Sharing

General

Target

4244aa0589b4bbefb1455f78be6e57ec
Size

156KB
MD5

4244aa0589b4bbefb1455f78be6e57ec
SHA1

8745c54c9428c5ecdded9c61b1f76865a818705e
SHA256

8451ed55ff5c85f11f8d44556d32e025e4c4f0a29958797ce4ba4314133268c1
SHA512

38f1ad34c8892674d5b5a7c947a302954a9c90571c971fd94f488e5a8b23cbc1ffb3b3374c818a8add5623128146e5208f64006f993144456b775ba66c555123
SSDEEP

3072:IEy3u+xRia+pYofUTx+ILeP3dsClFjrEx054Ef0O5fX:FyTL+pqMLPNllF/E+vf/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4244aa0589b4bbefb1455f78be6e57ec

Files

4244aa0589b4bbefb1455f78be6e57ec
.exe windows:4 windows x86 arch:x86

683fa3b5667d80107db91156c3e49198

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
DeleteCriticalSection
DisableThreadLibraryCalls
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetModuleHandleA
GetProcessHeap
GetTickCount
GetVersionExA
HeapAlloc
InterlockedDecrement
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
ReadFile
SetLastError
lstrlenA

advapi32

AllocateAndInitializeSid
ChangeServiceConfigA
LockServiceDatabase
LookupAccountSidA
OpenProcessToken
OpenSCManagerA
QueryServiceStatus
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 946B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ