8bc5095ecf54db4fa770a394879d930c

Sharing

Copy URL Twitter E-mail

General

Target

8bc5095ecf54db4fa770a394879d930c
Size

57KB
MD5

8bc5095ecf54db4fa770a394879d930c
SHA1

2d4a7ab35c62c4d363a6e85980033e048b16b359
SHA256

46f8e262511be3c0dea04c4977c06e840ff3e9561b29326b291394a8a0a165a6
SHA512

f477e6853f5cf5ff6960bdf3dff29afdccefbe92841a5efeb4d75fd4f6ea18bf754038edaf9b37a3886a618c65b2e235385bdb6fa932c23d76dfbf8c7ad48166
SSDEEP

768:7eoMmfd5cbEuFrAYVpIaCD8MndTNdYoZ+pEOTk/c1X29YRdIbHdL:SnMdmbrbphZKx48i2inw9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bc5095ecf54db4fa770a394879d930c

Files

8bc5095ecf54db4fa770a394879d930c
.exe windows:6 windows x86 arch:x86

ee5edee9a06d2e31dde8069f0abfd6f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

TrustedInstaller.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
RegCloseKey
RegOpenKeyExW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
CloseServiceHandle
CreateRestrictedToken
ConvertStringSidToSidW
OpenProcessToken
CreateProcessAsUserW
InitiateShutdownW
ChangeServiceConfigW
QueryServiceConfigW
OpenSCManagerW
OpenServiceW
RegEnumValueW
RegSetValueExW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges

kernel32

GetExitCodeProcess
TerminateProcess
GetFileAttributesW
GetWindowsDirectoryW
GetCurrentProcess
GetFullPathNameW
lstrlenW
GetVersionExW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
LocalFree
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcmpW
ExitProcess
HeapSetInformation
CreateEventW
Sleep
GetLastError
CreateThread
WaitForMultipleObjects
WaitForSingleObject
GetExitCodeThread
CloseHandle
SetEvent
ExpandEnvironmentStringsW

msvcrt

??2@YAPAXI@Z
wcstoul
_controlfp
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
memset
memcpy
malloc
memmove
??3@YAXPAX@Z
free
?terminate@@YAXXZ

ole32

CoGetMalloc
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoRevokeClassObject
CoDisconnectContext
CoRegisterClassObject
CoResumeClassObjects
CoSuspendClassObjects

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ee5edee9a06d2e31dde8069f0abfd6f9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ole32

Sections

.text Size: 32KB - Virtual size: 31KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 21KB - Virtual size: 27KB

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 21KB - Virtual size: 27KB