| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | services.exe |
| File Type: | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
| SHA1: | 44a3eaf1e91ac124b950dceaf870c5cb574403c0 |
| MD5: | 059bff8c2b8b17074a8244b83a0e5064 |
| First Seen Date: | 2023-07-01 10:57:31.076012 ( ) |
| Number of Clients Seen: | 4 |
| Last Analysis Date: | 2023-07-02 20:15:34.188225 ( ) |
| Human Expert Analysis Date: | 2023-07-02 11:50:13.805692 ( ) |
| Human Expert Analysis Result: | Malware |
| Property | Value |
|---|---|
| magic literal enum | 4 |
| file type enum | 7 |
| debug artifacts | [] |
| number of sections | 3 |
| trid | [[87.1, u'UPX compressed Win32 Executable'], [6.4, u'Generic Win/DOS Executable'], [6.4, u'DOS Executable Generic']] |
| compilation time stamp | 0x64A008FD [Sat Jul 1 11:07:41 2023 UTC] |
| LegalCopyright | \xa9 Microsoft Corporation. All rights reserved. |
| FileVersion | 10.0.17134.1 (WinBuild.160101.0800) |
| CompanyName | |
| ProductName | Services and Controller app |
| ProductVersion | 10.0.17134.1 (WinBuild.160101.0800) |
| FileDescription | Services and Controller app |
| OriginalFilename | service.exe |
| Translation | 0x0000 0x04b0 |
| entry point | 0x14073eb20 (UPX1) |
| machine type | AMD64 only, not Itaniums, with 0200 - 64 bit |
| file size | 1631744 |
| ssdeep | 49152:QE7xMPyJsGj8senhOMC8zVve9uuu7vNZO:tM6fMOMguF7vNZ |
| sha256 | 0ef6fb2827f5a470de72dd1355a8aa51e12c073386b4a1a8d4fc064ec7dd74fe |
| exifinfo | [{u'EXE:FileSubtype': 0, u'File:FilePermissions': u'rw-r--r--', u'SourceFile': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/4/4/a/3/44a3eaf1e91ac124b950dceaf870c5cb574403c0', u'EXE:OriginalFileName': u'service.exe', u'EXE:ProductName': u'Services and Controller app', u'File:MIMEType': u'application/octet-stream', u'File:FileAccessDate': u'2023:07:02 20:15:21+00:00', u'EXE:InitializedDataSize': 4096, u'File:FileModifyDate': u'2023:07:01 10:56:58+00:00', u'EXE:FileVersionNumber': u'3.3.1.0', u'EXE:FileVersion': u'10.0.17134.1 (WinBuild.160101.0800)', u'File:FileSize': u'1594 kB', u'EXE:CharacterSet': u'Unicode', u'EXE:MachineType': u'AMD AMD64', u'EXE:FileOS': u'Win32', u'EXE:ProductVersion': u'10.0.17134.1 (WinBuild.160101.0800)', u'EXE:ObjectFileType': u'Executable application', u'File:FileType': u'Win64 EXE', u'EXE:CompanyName': u'', u'File:FileName': u'44a3eaf1e91ac124b950dceaf870c5cb574403c0', u'EXE:ImageVersion': 0.0, u'File:FileTypeExtension': u'exe', u'EXE:OSVersion': 6.0, u'EXE:PEType': u'PE32+', u'EXE:TimeStamp': u'2023:07:01 11:07:41+00:00', u'EXE:FileFlagsMask': u'0x003f', u'EXE:LegalCopyright': u'\xa9 Microsoft Corporation. All rights reserved.', u'EXE:LinkerVersion': 14.29, u'EXE:FileFlags': u'(none)', u'EXE:Subsystem': u'Windows GUI', u'File:Directory': u'/nfs/fvs/valkyrie_shared/core/valkyrie_files/4/4/a/3', u'EXE:FileDescription': u'Services and Controller app', u'EXE:EntryPoint': u'0x73eb20', u'EXE:SubsystemVersion': 6.0, u'EXE:CodeSize': 1630208, u'File:FileInodeChangeDate': u'2023:07:01 10:56:58+00:00', u'EXE:UninitializedDataSize': 5967872, u'EXE:LanguageCode': u'Neutral', u'ExifTool:ExifToolVersion': 10.1, u'EXE:ProductVersionNumber': u'3.3.1.0'}] |
| mime type | application/x-dosexec |
| imphash | bb388b5fb16beacfa2a7403d25eaa8c4 |
| File Path on Client | Seen Count |
|---|---|
| 44a3eaf1e91ac124b950dceaf870c5cb574403c0 | 1 |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| UPX0 | 0x1000 | 0x5b1000 | 0x0 | 0.0 | d41d8cd98f00b204e9800998ecf8427e |
| UPX1 | 0x5b2000 | 0x18e000 | 0x18da00 | 7.99979080901 | 8a647a8dfb6398d23aa5341fd5984762 |
| .rsrc | 0x740000 | 0x1000 | 0xa00 | 3.77523195089 | 181caf0ce0581d47728db936a5e87372 |
-
ADVAPI32.dll
- LsaClose
-
bcrypt.dll
- BCryptGenRandom
-
CRYPT32.dll
- CertOpenStore
-
IPHLPAPI.DLL
- GetAdaptersAddresses
-
KERNEL32.DLL
- LoadLibraryA
- ExitProcess
- GetProcAddress
- VirtualProtect
-
ole32.dll
- CoInitializeEx
-
PSAPI.DLL
- GetProcessMemoryInfo
-
USER32.dll
- ShowWindow
-
USERENV.dll
- GetUserProfileDirectoryW
-
WS2_32.dll
- ioctlsocket
{u'lang': u'LANG_ENGLISH', u'name': u'RT_VERSION', u'offset': 7602340, u'sha256': u'f6e26c5118f64b8c8d3eb6c35430f2ca09e67cc58fa3068ae3d33a5b1cd23066', u'type': u'data', u'size': 840}
{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 7603184, u'sha256': u'49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e', u'type': u'ASCII text, with CRLF line terminators', u'size': 346}