876718d10b42b053df1df4fb0a69f789 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

876718d10b42b053df1df4fb0a69f789
Size

9KB
MD5

876718d10b42b053df1df4fb0a69f789
SHA1

b62d6ee090978300ee1fb6ba6eb52577043eac01
SHA256

d00f4c6f225599007e5bbd0458c87153a3ba34f692a145515e26de191c2662bc
SHA512

84c8b88558f28db9408752b71832841ac2d294040dbe0d27b936a315ed69d0628de17aa0c9c28250077b366502c9c6817756c86aac7fb275fc4f542471dca6ea
SSDEEP

192:XI+qOFZn/eMPV0Qt1UqO7aBi5CtxTzHqtxT5tFWisJwB86V8uQkePxRM:TT3fPdlsQ6VRQkeP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
876718d10b42b053df1df4fb0a69f789

Files

876718d10b42b053df1df4fb0a69f789
.exe windows:4 windows x86 arch:x86

ef5e8bdeadf45606126fba4afd597a30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

setsockopt
htonl
sendto
socket
connect
WSAStartup
recv
closesocket
inet_addr
gethostbyname
htons
send
gethostname

kernel32

GetVersionExA
GlobalMemoryStatus
Sleep
GlobalFree
CreateThread
ExitProcess
GlobalAlloc
GetLastError
CreateMutexA
GetTickCount
GetCurrentProcessId
FreeLibrary
WinExec
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetCurrentProcess
GetModuleFileNameA
DeleteFileA
GetPrivateProfileStringA

user32

ExitWindowsEx

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
StartServiceCtrlDispatcherA

Sections

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE