RemComSvc[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

RemComSvc.7z
Size

40KB
MD5

e0cf52650c3b8e09900d33bc75d9e56d
SHA1

8894e53baed380ea04c04cbf64d6bd1f7d2b389d
SHA256

797e71df4acf198dacc3fe8d77081d69772d0ed0c9e66b4d29dc3d71bd7e5d22
SHA512

f4c61a1ccb194bb272db86dbd6a47b80b1fd13bddf1e1f0a05dd4f25eeda21a65482b5312e03b5f3507eea2a649ca0cc73e181746011feaa413f7cda1822b7b9
SSDEEP

768:TsrzYsendh6Fn66BzwWvGybHbz6xttieBaW927iKbPU+pTZTOK7ckZY3Jfh0cb2S:TeYsedkndBzh76xtt99w7nbhZaKgJ557

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3a2ea65faefdc64d83dd4c06ef617d6ac683f781c093008c8996277732d9bd66

Files

RemComSvc.7z
.7z

Password: infected
3a2ea65faefdc64d83dd4c06ef617d6ac683f781c093008c8996277732d9bd66
.exe windows:4 windows x86 arch:x86

e7c5c119652f243d2c240ed7cdb03c21

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
LocalFree
LocalAlloc
ReadFile
GetCurrentProcessId
CreateEventW
WriteFile
DisconnectNamedPipe
InterlockedDecrement
SetEvent
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CreateNamedPipeW
GetLastError
ConnectNamedPipe
CloseHandle
GetFileAttributesW
CreateDirectoryW
OpenProcess
GetCurrentThreadId
HeapFree
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapAlloc
ExitThread
ResumeThread
CreateThread
RtlUnwind
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetProcAddress
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RaiseException
Sleep
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
SetFilePointer
SetStdHandle
InitializeCriticalSection
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CreateFileW
CreateFileA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA

advapi32

RegisterServiceCtrlHandlerW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DeleteService
SetServiceStatus
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceCtrlDispatcherW

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e7c5c119652f243d2c240ed7cdb03c21

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 176B

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 176B