7359f858bb82995742dfe8a3ccc8f02c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7359f858bb82995742dfe8a3ccc8f02c
Size

25KB
MD5

7359f858bb82995742dfe8a3ccc8f02c
SHA1

5313a3c527218b494175563da81a4677c675af74
SHA256

d2a997c5dbfac2d16140779cb02ccf88db7104265d9b4cf728da0a722d087529
SHA512

9289b30f8dd0b460fe1a22399b090d0354d51d9a8c23361d6848dce0429a29232d1fb5d3aeaf6c1d93970594d7acab7fb630e70dc8bb31abf4509421bba7ec7f
SSDEEP

384:mDT5cGkBYu5JvyMXX/eCo84SCOPtWoRSFn1iUT:mvYVJ3ve4CQYoRSFn8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7359f858bb82995742dfe8a3ccc8f02c

Files

7359f858bb82995742dfe8a3ccc8f02c
.exe windows:4 windows x86 arch:x86

5be5940dee969ee0a6563253f81ba297

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

LdrAccessResource
RtlImageDirectoryEntryToData
ZwSetInformationFile
ZwClose
LdrFindResource_U
ZwCreateFile
strtoul
ZwCreateKey
ZwSetSecurityObject
RtlImageNtHeader
ZwQueryInformationToken
RtlAdjustPrivilege
ZwOpenFile
ZwQueryDirectoryFile
ZwQueryValueKey
RtlInitUnicodeString
wcsrchr
strchr
swprintf
ZwOpenProcessToken
ZwWriteFile
RtlAddressInSectionTable
RtlGetFullPathName_U
RtlIpv4AddressToStringA
ZwSetValueKey
RtlGetCurrentPeb
strstr
ZwOpenKey
sprintf

kernel32

GetSystemTimeAsFileTime
VirtualProtect
GetTickCount

advapi32

OpenServiceW
CloseServiceHandle
ControlService
StartServiceW
CreateServiceW
OpenSCManagerW
DeleteService

ws2_32

send
WSACleanup
connect
WSAStartup
closesocket
WSASocketW

dnsapi

DnsQuery_A
DnsFree

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ