f61818fe8b74d3af78bfc287db30596d8ea6ae122b7a8b6f1cb0e08db24fa679 | Triage

Sharing

General

Target

f61818fe8b74d3af78bfc287db30596d8ea6ae122b7a8b6f1cb0e08db24fa679
Size

60KB
MD5

3e3c84a6117b59121133c6f680fd3462
SHA1

23facbd75102475116175f1afe0f0ae50a81b69b
SHA256

f61818fe8b74d3af78bfc287db30596d8ea6ae122b7a8b6f1cb0e08db24fa679
SHA512

e2e29afbf33489643f379bc56459d78ce95ddbc1ff8916a541a6220bbc50a20349508942d26577d9eb9c1f909e19ef1693ea3c6b492fe48f380eafb7ba300723
SSDEEP

384:Xo12HOqPZKAd1nKBns5yJBEHu63mBKAqVbcz19zIYO9MvngvUWsS:Xo1QRHd1E4yJ6Hu63xAqVbOIB9WOvs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f61818fe8b74d3af78bfc287db30596d8ea6ae122b7a8b6f1cb0e08db24fa679

Files

f61818fe8b74d3af78bfc287db30596d8ea6ae122b7a8b6f1cb0e08db24fa679
.dll windows:4 windows x86 arch:x86

6b443dee283868a09fce0d1ad2b681c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeConsole

msvcrt

_beginthreadex
rand
srand
time
malloc
_except_handler3
wcscpy
wcslen
free
_wcsdup
??3@YAXPAX@Z
??2@YAPAXI@Z
sprintf
strrchr
_stricmp
strchr
strstr
__CxxFrameHandler
_wtoi
_initterm
_adjust_fdiv

Exports

Exports

MyBegin
ServiceMain

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ