a1679a0449ad36f2da657c36144187ab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a1679a0449ad36f2da657c36144187ab
Size

49KB
MD5

a1679a0449ad36f2da657c36144187ab
SHA1

3fdba6fc0126ba5147bd705ce922b0142692b32e
SHA256

1035ace9d9e7f598e8bcb9cc7b591ebb47c73c9d5a860b25886a9784cec1fc6b
SHA512

284faa0093384111c9761d4dbc3a6c631af275dc2bc81d0fdba2273ac7b083dec60549f3e817c3fb7394a90b2e896ac2ce2bdb106d384095c51f2282f3406082
SSDEEP

768:bYvoFoXIUsO56HftNvLhwnZ5yzIOJiwaHflw9JjE1lYShs8hZQgmy:bYcUL5QftNvLhwZ5yz34twlNIQgm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1679a0449ad36f2da657c36144187ab

Files

a1679a0449ad36f2da657c36144187ab
.exe windows:4 windows x86 arch:x86

dd81af950bfaf79ab62ba708d1d455da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

StartServiceW
OpenSCManagerW
ControlService
OpenServiceW
CloseServiceHandle

ntdll

ZwQueryValueKey
NtCreateFile
NtSetInformationFile
ZwOpenKey
ZwSetValueKey
ZwCreateKey
RtlAllocateHeap
_stricmp
NtQueryInformationFile
NtReadFile
NtWriteFile
ZwEnumerateKey
RtlFreeHeap
NtQuerySystemInformation
NtClose

kernel32

MoveFileExA
GetModuleFileNameA

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE