7504af2d5570cf0cc402217fa274e5f7e387ce8ee905a4d425c09d1cb4479daa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7504af2d5570cf0cc402217fa274e5f7e387ce8ee905a4d425c09d1cb4479daa
Size

928KB
MD5

cd7f89e4b5af53b65c4b31f15198f06b
SHA1

fac94a9160df71409e4c8e40d9cc51e0830dd78e
SHA256

7504af2d5570cf0cc402217fa274e5f7e387ce8ee905a4d425c09d1cb4479daa
SHA512

f68ed22364f269fc4180c2950466b6df879ad255f1b16dcca20720fa150e4db0d44a158a4fba0a4e3e48865324071f860a6c1d1b2a9366214316b800a1d4131c
SSDEEP

24576:ZW2nfJ1mtXY0URCe1CqREHXAX+FKT5iFRj7V:ZXfGtXYNRhCTHQX++5i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7504af2d5570cf0cc402217fa274e5f7e387ce8ee905a4d425c09d1cb4479daa

Files

7504af2d5570cf0cc402217fa274e5f7e387ce8ee905a4d425c09d1cb4479daa
.dll windows:4 windows x86 arch:x86

24fadf10e7ee145e0732bf778fea47f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
DeleteFileA
GetModuleFileNameA
IsBadReadPtr
HeapFree
VirtualAlloc
HeapAlloc
ExitProcess
GetModuleHandleA
GetProcessHeap
GetLastError
FreeLibrary
VirtualFree

advapi32

CryptDecrypt
CreateServiceA
StartServiceA
ControlService
CloseServiceHandle
OpenServiceA
OpenSCManagerA
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA

msvcrt

sprintf
modf
_ftol

user32

wsprintfA
MessageBoxA

Exports

Exports

GetFileName
KsCreateAllocator
KsCreateAllocator2
KsCreateClock
KsCreateClock2
KsCreatePin
KsCreatePin2
KsCreateTopologyNode
KsCreateTopologyNode2
StartDriver

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 900KB - Virtual size: 896KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ