s1-d[.]bin | Triage

Sharing

General

Target

s1-d.bin
Size

159KB
MD5

7932ee5fa6f83b149569752c47e04b87
SHA1

6eb115feadc5808507fb5a666dd18aa89a45616c
SHA256

f329ea2c754ab196d15c20fbf9abd722fa63630631144c5a409bd2a20172196b
SHA512

17ba26e69f7536f5adaa52454fbd407338be61d97bc396baa591de9fa19aab3e539b4ca32059b2ddb1b901ac7ecd341dff9ead706fc0d058086e6b3795642f58
SSDEEP

3072:pusrpo1j49JvKa0ePbh37E6ZO78buZKxrF:ZQcvKpE37E6nmKhF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
s1-d.bin

Files

s1-d.bin
.dll windows:5 windows x86 arch:x86

eea07397253a07dcdbf7fee6b8f2cfa4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\9hx97z1a\2788jy\x\0y49p\38u5\pmlmsepx.pdb

Imports

kernel32

GlobalFindAtomA
GetLastError
GetOEMCP
CloseHandle

user32

CharLowerW
IsWindowVisible
MessageBoxA
GetForegroundWindow
IsWindowEnabled

msvcrt

isalnum
_exit
malloc
free
__set_app_type

msi

ord161

Exports

Exports

RegisterServiceA
my_assert

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ