adaf7b3a432438a04d09c718ffddc0a083a459686fd08f3955014e6cf3abeec1

Sharing

Copy URL Twitter E-mail

General

Target

adaf7b3a432438a04d09c718ffddc0a083a459686fd08f3955014e6cf3abeec1
Size

7.5MB
MD5

948dffef9a11c11a6d81905e59ca1882
SHA1

c060431e55db84a195241be1cffdbdc30f42d666
SHA256

adaf7b3a432438a04d09c718ffddc0a083a459686fd08f3955014e6cf3abeec1
SHA512

52354cc54a715de478a3089a62d8df86668c2f7a91e8b36b292e8c67c65515f813250504f983cf9a0296d87e3eb38ae0693cd63b65c53bd3ac934278baad6abc
SSDEEP

196608:AlVV6TV9NsOoMqEz2t7+eW3TAPwZN3erOAjsjGqI4jsbpSzZTfuwpd/:YVVKPKVW2t65UwZ9eCDxjrzZfD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/ServiceHub.MsDetouredHost.exe

Files

adaf7b3a432438a04d09c718ffddc0a083a459686fd08f3955014e6cf3abeec1
.iso
out.iso
.iso
ServiceHub.MsDetouredHost.exe
.exe windows:4 windows x86 arch:x86

7ab4574bf2246b98f4ad32ca582caacc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

comctl32

ord17

kernel32

GetCurrentDirectoryA
UnhandledExceptionFilter
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetCommandLineW
GetStartupInfoW
GetVersionExA
GetProcAddress
LoadLibraryA
GetModuleFileNameW
GetModuleFileNameA
GetTempPathA
GetLastError
LoadLibraryExA
GetModuleHandleA
Sleep
GetFullPathNameA
RemoveDirectoryA
MultiByteToWideChar
SetStdHandle
GetFileType
SetConsoleCtrlHandler
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
DeleteFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
GetStartupInfoA
GetCommandLineA
SetEnvironmentVariableA
WideCharToMultiByte
SetEnvironmentVariableW
SetHandleCount
GetStdHandle
InterlockedExchange
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetFileAttributesA
ReadFile
SetFilePointer
CloseHandle
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
FlushFileBuffers
CompareStringA
GetCPInfo
CompareStringW
GetACP
GetOEMCP
HeapSize
CreateFileA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocaleInfoA
VirtualProtect
GetSystemInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile
CreateDirectoryA
GetDriveTypeA

ws2_32

ntohl

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Vaccination06042021.PDF
.pdf
Vaccination06042021.pdf.lnk
.lnk
doc.vbs
.vbs

Sharing

General

Malware Config

Signatures

Files

7ab4574bf2246b98f4ad32ca582caacc

Headers

File Characteristics

Imports

user32

comctl32

kernel32

ws2_32

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 180KB - Virtual size: 179KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 180KB - Virtual size: 179KB