7fabad498ad8a3f5dde3be49340acf17 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7fabad498ad8a3f5dde3be49340acf17
Size

166KB
MD5

7fabad498ad8a3f5dde3be49340acf17
SHA1

4548d27dde187a103e8f1a1463307e75d44988d6
SHA256

5284a53e1a41ee8f7ebbfc1f58fc80466fffc56cc149e592b80d7d59e7fa6f1d
SHA512

a5b14e213670cc415606094d86144cad747c4f376f2a13bedb153bdfe8c44897d14f21c3010fa6b01f8a034355ee232fde546d7d240b718b3422e181e11ca15d
SSDEEP

3072:LnTQ1pbYjVPcZjcycBVOayBDCUsY2KkRSYoF/SN:jT1xkhCcrs1IP/SN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7fabad498ad8a3f5dde3be49340acf17

Files

7fabad498ad8a3f5dde3be49340acf17
.exe windows:4 windows x86 arch:x86

7a78db19b945590ef3c630dee4cad4bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\src\Service\TapService\_bldtmp\retail\GladTapSvc.pdb

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
WaitForSingleObject
SetEvent
GetLastError
OutputDebugStringW
GetCurrentProcess
TerminateProcess
IsDebuggerPresent

user32

wvsprintfW

advapi32

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SetServiceStatus

woscommonutils

InitTunTap
UnregisterPort
GetLocalVIP
RegisterAndGetVIP

rpcrt4

RpcServerUseProtseqEpW
RpcServerRegisterIf
RpcServerListen
NdrServerCall2

msvcr80

free
malloc
exit
_vsnwprintf_s
_crt_debugger_hook

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PACK
Size: 160KB - Virtual size: 416KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE