0aa9c3d901f7d0447417ca0d7315dec99f1607efd397a660365b3be601ddd882 | Triage

Sharing

General

Target

0aa9c3d901f7d0447417ca0d7315dec99f1607efd397a660365b3be601ddd882
Size

1.1MB
MD5

59b7ec85012da5fa1028820d2f97e507
SHA1

61653b380392efd0d218aa87705f87109ee2684b
SHA256

0aa9c3d901f7d0447417ca0d7315dec99f1607efd397a660365b3be601ddd882
SHA512

e0a02d223bb8758eb51b941daad84dca6b1520aa053e762954f7987339027ec7aa0d32d344580efe5a3a508c760619769d90517496bcd8bd6cb62c0d9e4e5f9f
SSDEEP

24576:XJZEZJPVUVTmTj0CfOZuzhg1HREnUjwSGvQ+giNxMOacZR:XJZEPPMT2j0CGZuimnUVGvQ+giNOOPR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0aa9c3d901f7d0447417ca0d7315dec99f1607efd397a660365b3be601ddd882

Files

0aa9c3d901f7d0447417ca0d7315dec99f1607efd397a660365b3be601ddd882
.exe windows:4 windows x86 arch:x86

900a5641d85f1db8128310252e51b07f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
Sleep
lstrcmpiA
lstrcpyA
GlobalFree
GlobalAlloc
GetVersion
GetModuleFileNameA
GetLastError
GetEnvironmentVariableA
ExitProcess
CreateProcessA
CreateFileA
lstrcatA
CloseHandle

advapi32

StartServiceA
OpenServiceA
OpenSCManagerA
LookupAccountSidA
GetUserNameA
DeleteService
CreateServiceA
ConvertStringSidToSidA
CloseServiceHandle
StartServiceCtrlDispatcherA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ