Static task: static1
Behavioral task: behavioral1
Sample: 8eb1b366a85050b0b3e79192ff9755df.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 8eb1b366a85050b0b3e79192ff9755df.exe
Resource: win10v2004-20231215-en
General
Target: 8eb1b366a85050b0b3e79192ff9755df
Size: 262KB
MD5: 8eb1b366a85050b0b3e79192ff9755df
SHA1: 03c7f52fba6a7729f046c3bc95a3b68122555d40
SHA256: 04eef4c355e7fe83293de3255358aaae430bd9ee2cccafc0c8b090f81de1491b
SHA512: a38be1f80c572eaa40a27a806476cf394539c44781c56c12867d7cb05008a7a4c4feda5013d4d7c00bf302112328217826744470e3d4caa4d609f19d01af2ca2
SSDEEP: 6144:ghpJ48mvrrKHKDMPiRKy7Nqrur3fjyhIXdQqR2G1iMBs6RueBCJj6pj:gdqrrxM7y7Eiq2yjyiQstp6F
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8eb1b366a85050b0b3e79192ff9755df
Files
8eb1b366a85050b0b3e79192ff9755df.exe windows:5 windows x86 arch:x86
388f4743f366727651dc37cc82da8caf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
__pioinfo
_lock
towlower
memset
_onexit
rpcrt4
RpcBindingSetOption
advapi32
EnableTrace
InitializeAcl
StartServiceW
UnregisterTraceGuids
AllocateAndInitializeSid
RegCloseKey
CryptReleaseContext
kernel32
UnmapViewOfFile
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
Sleep
SetPriorityClass
WriteFile
VirtualAlloc
OpenEventW
HeapDestroy
EnterCriticalSection
InterlockedDecrement
ntdll
NtQueryInformationProcess
RtlCreateTimer
RtlExitUserThread
RtlCompareMemory
ZwOpenEvent
Sections
.text Size: 204KB - Virtual size: 204KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ