e039ecd2728678a7305d6557d173f067 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e039ecd2728678a7305d6557d173f067
Size

48KB
MD5

e039ecd2728678a7305d6557d173f067
SHA1

9db3c4d4330c8a43258b2e9e55201f96fbddfd54
SHA256

3f68eb8a321e5349a0602490705adea4fdacfb5961f2da57dd4de39073426588
SHA512

451efa01b76ad126377116e76ee22bc3e6669e6bda429ff87907525c9c9a00530760dd243dda2ea447e33338f7cece64fc2736a0cac4701715fbb6edefee72d0
SSDEEP

1536:bitlRQEEbq0OwA0QdLMYB+EY8Q1konQ0drsko2T6B/bxQRMaMgvwoWKVV9VFn:6xW0cpke3RMhUVFn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e039ecd2728678a7305d6557d173f067

Files

e039ecd2728678a7305d6557d173f067
.exe windows:4 windows x86 arch:x86

a67822faa7a42bb640377bb9b3af416f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
CloseHandle
GetEnvironmentVariableW
ReleaseMutex
GetCommandLineA
LocalFree
InterlockedExchange
CreateEventA
CreateMutexA
WriteFile
GlobalSize
HeapCreate
GetACP
GetStdHandle
ResetEvent
GetExitCodeProcess
lstrlenA
GetPrivateProfileIntW
ResumeThread
GetModuleHandleW

advapi32

RegCloseKey
IsValidSid
IsTextUnicode
RegDeleteValueA
CloseEventLog
IsValidSecurityDescriptor
ControlService
RegCreateKeyExW
RegDeleteKeyA
ClearEventLogW
CreateServiceA
RegEnumKeyW
RegQueryValueW

btpanui

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

hdwwiz.cpl

InstallNewDevice

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ