944d526985a50529b8cad33c4c90e1f50c7fac87e497209e1195d763644b3990N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

944d526985a50529b8cad33c4c90e1f50c7fac87e497209e1195d763644b3990N
Size

821KB
MD5

2a3ad8f983bd7cffe6695d8a23b66360
SHA1

c328eaac8175df9ced07807afd8be2b260babdc9
SHA256

944d526985a50529b8cad33c4c90e1f50c7fac87e497209e1195d763644b3990
SHA512

e9fde09fe216cc96cd1ef78554d61320a63ead98428c6433e5657fa51011f854202ed6e814e133ef3c932c740722254ddd14444e1b76fb8490b7219fc2de9175
SSDEEP

24576:yl4RMXbvqWDKON5GIaNBC6AnUD/BLhES1VTd+IeIkegUdO:yuRMnkIgfAnwpLigpYNU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
944d526985a50529b8cad33c4c90e1f50c7fac87e497209e1195d763644b3990N

Files

944d526985a50529b8cad33c4c90e1f50c7fac87e497209e1195d763644b3990N
.exe windows:4 windows x86 arch:x86

fd853cfb77e738c722b7632e2f403e38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetStdHandle
WriteFile
LocalFree
GetEnvironmentVariableA
FreeConsole
GetSystemInfo
CreateEventW
CreateMutexW
LocalSize
GlobalFree
GetPrivateProfileIntA
ReleaseMutex
SuspendThread
ResetEvent
CloseHandle
GetCommandLineW
InterlockedExchange
VirtualAllocEx
lstrlenA

advapi32

IsValidSid
IsValidSecurityDescriptor
CloseEventLog
RegDeleteValueA
ClearEventLogW
RegCloseKey
InitializeSid
RegCreateKeyExW
RegQueryValueW
RegEnumKeyA
ControlService
CreateServiceW
IsTextUnicode
InitializeSid

fwcfg

InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll
InitHelperDll

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 809KB - Virtual size: 809KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ