Static task
static1
Behavioral task
behavioral1
Sample
8d471d2eecce5b744adcc443bd20c844.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
8d471d2eecce5b744adcc443bd20c844.exe
Resource
win10v2004-20231215-en
General
-
Target
8d471d2eecce5b744adcc443bd20c844
-
Size
155KB
-
MD5
8d471d2eecce5b744adcc443bd20c844
-
SHA1
000ccd52d55cb431b4fabd795b16c036e177e8d4
-
SHA256
bbd6e01f7eca9e5f6fefa55787baec4a0d0e6d993c4f2c50c513c100a3f7c24e
-
SHA512
be4fff42e4deafc593314c6d4a28ca0ae5e1a28ca1a58051f9ef079e9bdd355d7a38ddade10ef61991ade749fab873e6bfbde75d6a89903ed03339b7db8b7449
-
SSDEEP
3072:36SbjmeTMP0D1409hIq8oZ+q2yPW2mX+iV4AIipSk04RN9lErmZVGql+BC3K5eq:KS2eI6r9hIfoHqhCF4RDl4mTGyK7
Malware Config
Signatures
-
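Unsigned PE (1 IoC)
Static check: the PE file carries no Authenticode signature. This is a weak indicator on its own, since many legitimate binaries are also unsigned; weigh it together with the sample's other static and behavioral findings.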
resource 8d471d2eecce5b744adcc443bd20c844
Files
-
8d471d2eecce5b744adcc443bd20c844.exe windows:4 windows x86 arch:x86
ac08b40c9b4db0828ecd32502526f4b6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CloseServiceHandle
OpenServiceW
StartServiceW
ControlService
OpenSCManagerW
ntdll
RtlFreeHeap
NtQuerySystemInformation
RtlAllocateHeap
NtQueryInformationFile
NtReadFile
NtWriteFile
ZwQueryValueKey
ZwOpenKey
NtCreateFile
_chkstk
_stricmp
ZwEnumerateKey
NtClose
NtSetInformationFile
kernel32
GetTempPathW
GetModuleFileNameA
MoveFileExA
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ