54288568560a8d783a5f65e5ba214f24

General

Target

54288568560a8d783a5f65e5ba214f24
Size

28KB
MD5

54288568560a8d783a5f65e5ba214f24
SHA1

f6b364224aa33d925c1485e8dfe51eec28d4a57e
SHA256

5f69d4f54c08bb13cbfcae78759080df98b757e395d25375b9dac505b71bd5b4
SHA512

ae6aeee22e6813b2e2e2871e3ae2ae7b136dbd98b01b0a39ab6a728900beeae6359144123418b555343c5828a159bbdd1178d8a95a7b22a1899f164465b98180
SSDEEP

384:TjNltuFLxlKcaFnpXmUQGzKYSbiYw9pehy4sN83BE:TjHtY/hMpXrmpRw9+y4sSx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54288568560a8d783a5f65e5ba214f24

Files

54288568560a8d783a5f65e5ba214f24
.dll windows:4 windows x86 arch:x86

c98341e46c282f17b757a5d16095ed2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeConsole
TerminateThread
WaitForSingleObject
CreateThread
CreateEventA
Sleep
CreateMutexA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
SetEvent
DeleteFileA
WriteFile
CreateFileA
GetTempPathA
ReadFile
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
CreateToolhelp32Snapshot
CloseHandle
Process32First
OpenProcess
Process32Next
GetSystemDirectoryA
GetStartupInfoA
GetCurrentProcess
FreeLibrary

advapi32

LookupPrivilegeValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerA
SetServiceStatus
CreateProcessAsUserA
OpenProcessToken
AdjustTokenPrivileges

msvcrt

wcstombs
strncpy
strncmp
strrchr
sprintf
free
_initterm
malloc
_adjust_fdiv
_stricmp

urlmon

URLDownloadToFileA

wininet

InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

Exports

Exports

ServiceMain
SvchostPushServiceGlobals
TestCheckStatus
TestRunning

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c98341e46c282f17b757a5d16095ed2c

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

urlmon

wininet

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 510B

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 510B