5e79be3e6247fbe908cb213c0b50183079bdcbd45767693e5c1378abfda80e1d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e79be3e6247fbe908cb213c0b50183079bdcbd45767693e5c1378abfda80e1d
Size

12.6MB
MD5

e91bb3652450994457bef708d2b88735
SHA1

55f14034c2ce38d4dbef0d96adf86dcc678e617c
SHA256

5e79be3e6247fbe908cb213c0b50183079bdcbd45767693e5c1378abfda80e1d
SHA512

c8ab400b1b87ae627a7c65e80f22b145ddae04a50ee2052b14742b6120eed5c75f15cc5fb76e49c2e213f2aa46ec3bdf9d146b3af79eddec1dd7adbc62c15d7f
SSDEEP

196608:JkAb9qf/1YRfPWS8OYLgAS22r5OsVTtH9AqvLRWeC8v1rwq/RDzR05/NNusV:yAJ2RSW56goTvA6LweCI10YLs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e79be3e6247fbe908cb213c0b50183079bdcbd45767693e5c1378abfda80e1d

Files

5e79be3e6247fbe908cb213c0b50183079bdcbd45767693e5c1378abfda80e1d
.exe windows:5 windows x64 arch:x64

9363d44924bc6a733f505efd73740977

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetEvent
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

SystemFunction036

Exports

Exports

ServiceMain

Sections

.text
Size: - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SD(
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lj"
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kLI
Size: 12.6MB - Virtual size: 12.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ