5b9f1ec6ab0ddcd371ec30c66a57c059 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b9f1ec6ab0ddcd371ec30c66a57c059
Size

93KB
MD5

5b9f1ec6ab0ddcd371ec30c66a57c059
SHA1

c868c95f8dfa76b22e9c53af67ff2217394c3d3b
SHA256

cfc865549211261d7c404877696ede48af45eaf51b53c3c5496c9463621f336c
SHA512

1e6d846f48cab807747dc73d09e48d89b0a0569852c25df116088b5037581945a47652673b66a7132cf50fac64f8638c0682c144ae32823cb1cbaa1caf9a1eed
SSDEEP

1536:odaF5IJk6XTyolg2Buuq97MlpOX5fD34WFM8zaW6xvzQEnJxKvJC88kn7qld:7FiJBjym5Zq94bOJfD34WFPaW6lzQEnZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b9f1ec6ab0ddcd371ec30c66a57c059

Files

5b9f1ec6ab0ddcd371ec30c66a57c059
.dll windows:4 windows x86 arch:x86

c3940b05885e946493f8f2dfc8f6414e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
VirtualFree
CreateThread
FreeConsole
VirtualProtect
VirtualAlloc
Sleep

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA

msvcrt

memcpy
__CxxFrameHandler
_EH_prolog
??3@YAXPAX@Z
??2@YAPAXI@Z
wcstombs
strncpy
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

ESET
Rsing
ServiceMain

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 953B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ