f29594fb79d40361d580b99f5030bb8e

Sharing

Copy URL

Twitter E-mail

General

Target

f29594fb79d40361d580b99f5030bb8e
Size

210KB
MD5

f29594fb79d40361d580b99f5030bb8e
SHA1

8e1733e4e46d09419717914fb62b35518494fcf1
SHA256

f484426477eb8d0ebbcb5bf50e89d53d46921e0e5ecf9dbf821d2126370d31cf
SHA512

617a4a4be42c3b18d02a78dc1a71bb2156633bb4e3eef7039ac0a0be8e39f54c1fc9f942c8780e86a3100227a9e818c260d09d3f82a9327e2f7e21053d571316
SSDEEP

3072:f+OLS3Mc1mEiHEGAm0aSjpC+zHzAFS5q9C4fbvs1B5gpYZ0vFO/1:f1cRd3akpC+TEFNChB56G08/1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f29594fb79d40361d580b99f5030bb8e

Files

f29594fb79d40361d580b99f5030bb8e
.exe windows:6 windows x86 arch:x86

89cefd8464501ed3c23895ae7cbf03d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExW
RegisterClassW
UnregisterClassW
ShowWindow
UpdateWindow
DispatchMessageW
LoadStringW
ShutdownBlockReasonCreate
PostQuitMessage
DefWindowProcW
GetMonitorInfoW
AllowSetForegroundWindow
GetAncestor
MsgWaitForMultipleObjects
PeekMessageW
PostMessageW
EnumThreadWindows
MessageBoxW
GetWindowThreadProcessId
TranslateMessage
EnumWindows
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
SetCursor
LoadCursorW
DestroyWindow
EnableWindow
IsWindow

msvcrt

memmove_s
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler3
??0exception@@QAE@XZ
wcsncmp
wcschr
memset
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_vsnwprintf
_wtol
iswdigit
memcpy
_wcsicmp
malloc
memcpy_s
fclose
fflush
fputws
fopen_s
calloc
_wcsnicmp
wcsrchr
_wsplitpath_s
rand
srand
wcscat_s
??1type_info@@UAE@XZ
_unlock
__p__fmode
__set_app_type
_CxxThrowException
_purecall
free
__p__commode
__setusermatherr
_amsg_exit
_initterm
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_except_handler4_common
_controlfp

ntdll

NtSetInformationProcess
EtwEventRegister
EtwEventActivityIdControl
EtwEventEnabled
EtwEventWriteTransfer
EtwEventWrite
EtwEventUnregister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwTraceMessage

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
CreateFileW
ReadFile
GetFileSizeEx
FileTimeToLocalFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSetInformation
GetProcessHeap
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
HeapSize

api-ms-win-core-interlocked-l1-1-0

InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryExA
GetModuleHandleA
LoadLibraryExW

api-ms-win-core-misc-l1-1-0

LocalFree
lstrlenW
Sleep

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

SetProcessShutdownParameters
SetThreadPriority
GetCurrentThread
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateThread
GetThreadPriority
GetExitCodeProcess
CreateProcessW
OpenThreadToken
ResumeThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
CreateEventW
EnterCriticalSection
SetEvent
ResetEvent
SetWaitableTimer
CancelWaitableTimer
WaitForSingleObject
InitializeCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
SystemTimeToFileTime

api-ms-win-core-threadpool-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetAclInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
GetSecurityDescriptorDacl
GetLengthSid
CopySid
CheckTokenMembership
MakeAbsoluteSD
GetSecurityDescriptorControl
InitializeAcl
AddAce
CreateWellKnownSid
GetSecurityDescriptorSacl

ole32

CoEnableCallCancellation
CoCancelCall
CoUninitialize
CoInitializeEx
CoDisconnectObject
CoRevertToSelf
CoImpersonateClient
CoMarshalInterface
CreateStreamOnHGlobal
CLSIDFromString
CoTaskMemFree
StringFromCLSID
IIDFromString
StringFromGUID2
CoCreateInstance
CoDisableCallCancellation
CoInitializeSecurity

oleaut32

SysReAllocString
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysStringLen
SysAllocString
SysFreeString

rpcrt4

RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcAsyncInitializeHandle
I_RpcExceptionFilter
RpcAsyncCompleteCall
RpcAsyncCancelCall
NdrAsyncClientCall
RpcStringFreeW
RpcBindingSetAuthInfoExW

kernel32

IsWow64Process
LocalAlloc
GetThreadPreferredUILanguages
SetThreadPreferredUILanguages
UnregisterWait
RegisterWaitForSingleObject
DelayLoadFailureHook
CreateWaitableTimerW
WaitForMultipleObjects
DeleteAtom
GetCurrentDirectoryW
DebugBreak
InitializeCriticalSectionAndSpinCount

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

89cefd8464501ed3c23895ae7cbf03d0

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcrt

ntdll

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-threadpool-l1-1-0

api-ms-win-security-base-l1-1-0

ole32

oleaut32

rpcrt4

kernel32

Sections

.text Size: 132KB - Virtual size: 131KB

.data Size: 44KB - Virtual size: 43KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 31KB - Virtual size: 32KB

.text
Size: 132KB - Virtual size: 131KB

.data
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 31KB - Virtual size: 32KB