49f1bb0eb698d862471a5626320d2efd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49f1bb0eb698d862471a5626320d2efd
Size

41KB
MD5

49f1bb0eb698d862471a5626320d2efd
SHA1

a23b3baebbbe0e22c575adc46152800861edbfdc
SHA256

66146f1dcd24521740f23aa76434c25f1a35b7d03c036ed022f91df2de3d17ce
SHA512

e070efee0ce2e93156fa8bfe49016b3470cd70eba1a2950ac84eb3c6ec8cd50772cc69ba4e53f20ea633285eb0ec38db7d502c55f736bf8eee3a83790175d191
SSDEEP

768:ymh13aZ8eWeVuMc2kvqLeokRTOae2aRAM805ZtdU2uegrAHUcN:Y8TeVSByLeokhhFSLU2/gvcN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49f1bb0eb698d862471a5626320d2efd

Files

49f1bb0eb698d862471a5626320d2efd
.exe windows:4 windows x86 arch:x86

4e1da37eec9067e8e9f1fbaa047e11d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetLastError
GetTempFileNameA
GetSystemDirectoryA
DeleteFileA
DeviceIoControl
CloseHandle
CreateFileA
WinExec

advapi32

OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenSCManagerA
DeleteService

msvcrt

_stricmp
fclose
fwrite
fopen
sprintf
strncpy
strrchr
_snprintf
_strlwr

shlwapi

SHSetValueA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 992B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ