1571fa962f0dcf897a2e5e5026e185d5427bde1e7e3cf59b04fa8cff90a478abN | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1571fa962f0dcf897a2e5e5026e185d5427bde1e7e3cf59b04fa8cff90a478abN
Size

31KB
MD5

1e554ff769670eef9f5b6c19155caeb0
SHA1

f5c10d4d2176a7bf648393335bc7d7614e7ce290
SHA256

1571fa962f0dcf897a2e5e5026e185d5427bde1e7e3cf59b04fa8cff90a478ab
SHA512

aec2c15f440f1d8e4f9a93220b4067af64b6b5c5dd3d2df8c06e2580688eed78a013f6eae9fb553d95360fb63eab7addabca742bdcfdee6e8bee5fec62a566cb
SSDEEP

768:xBV6B6ac6evTl/1RmWoMAm/HxP9YY5CQUx8rJK8F:fVArgvTMWofm/HxP+hHqdtF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1571fa962f0dcf897a2e5e5026e185d5427bde1e7e3cf59b04fa8cff90a478abN

Files

1571fa962f0dcf897a2e5e5026e185d5427bde1e7e3cf59b04fa8cff90a478abN
.exe windows:5 windows x86 arch:x86

64883ebda99d2865fe84af500557d2f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

loadperf

BackupPerfRegistryToFileW
RestorePerfRegistryFromFileW
SetServiceAsTrustedW
UpdatePerfNameFilesA
LoadPerfCounterTextStringsW

msvcrt

_initterm
__setusermatherr
__getmainargs
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
mbstowcs
_adjust_fdiv

kernel32

HeapFree
HeapAlloc
GetProcessHeap
lstrlenA
GetCommandLineW
GetModuleHandleA
SearchPathA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE