e2097d2f9a3c53c1487ff038a5bfac42 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e2097d2f9a3c53c1487ff038a5bfac42
Size

367KB
MD5

e2097d2f9a3c53c1487ff038a5bfac42
SHA1

b649a98b1e2e1681aa3094e81dfd34e0deafa275
SHA256

8e5462106db1abe044716bedfc992a02c9ac4ffd8a500e6150c7b1cbbaf2caf5
SHA512

390b3e01a0967485153045c4f75ce8a1ed529a211861ace884421310dd9c9dbe99b2a453fe6455c694c1fc2b4396adcddd292b36857f4b86489179929e6a1983
SSDEEP

6144:eNWbKRMGoCQ0TexdCoNSQwMOu/L5NY5k7paog+4gyA1H1zZsQ6psGeDkXMgi:8WbKRMGoCQ2exdCGGMOu/iQtUA1A7Re

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2097d2f9a3c53c1487ff038a5bfac42

Files

e2097d2f9a3c53c1487ff038a5bfac42
.exe windows:4 windows x86 arch:x86

bd41d8892a31a1ee8fb9b1cc5035a5e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
SuspendThread
GetExitCodeProcess
WriteFile
GetStdHandle
ReleaseMutex
GetCommandLineA
InterlockedExchange
HeapCreate
GetEnvironmentVariableW
ResetEvent
LocalFree
CreateMutexA
LocalSize
GetPrivateProfileIntW
CloseHandle
CreateEventA
GetModuleHandleW
GetACP
GlobalFree

advapi32

IsValidSecurityDescriptor
RegEnumKeyW
CloseEventLog
RegCreateKeyExW
RegQueryValueW
RegDeleteValueA
ClearEventLogW
IsValidSid
RegCloseKey
IsTextUnicode
CreateServiceA
ControlService
RegDeleteKeyA

devenum

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

hdwwiz.cpl

InstallNewDevice

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ