029d0cc47382ac9be476ce5b81903860

Sharing

Copy URL

Twitter E-mail

General

Target

029d0cc47382ac9be476ce5b81903860
Size

512KB
MD5

029d0cc47382ac9be476ce5b81903860
SHA1

f0d327f702068d12b47c38314ce9f70b51d9808b
SHA256

06cfacdaf6338ddb0f84cd998f77b0d5e16fd07434faa71ab64a7780f5d807c1
SHA512

b36e953b245e2b8697dcdf5ebf29ccbe6bd9eaffb94918d8b3b3c2d963be490872b39b534cb7e5c2e1f6f9b9d6385bfef0eebedd2c2d8167ee95682fa3e1b6ae
SSDEEP

12288:d+8aXfXs7j4IfrjJcc+FvXqDrB+we8D23AtHnB4rLeeJqwP:d+8zLrj+xv6DPFQAdB4RqwP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
029d0cc47382ac9be476ce5b81903860

Files

029d0cc47382ac9be476ce5b81903860
.dll windows:4 windows x86 arch:x86

2c44e2a2c03dd906e4f88417224feef9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetGetConnectedState

lz32

LZOpenFileA
LZCopy
LZClose

kernel32

GetLastError
FindClose
FindNextFileA
FindFirstFileA
FormatMessageA
FreeLibrary
GetProcAddress
LoadLibraryExA
SetErrorMode
CopyFileA
GetStringTypeA
GetStringTypeW
LoadLibraryA
SetEndOfFile
SetFileAttributesA
Sleep
EnterCriticalSection
CreateFileA
FlushFileBuffers
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapAlloc
DeleteFileA
MoveFileA
InterlockedDecrement
InterlockedIncrement
HeapFree
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
GetFileAttributesA
LeaveCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
WideCharToMultiByte
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
CloseHandle
WriteFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
CompareStringA
CompareStringW
SetStdHandle

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegEnumKeyA

ole32

OleInitialize
OleUninitialize

Exports

Exports

Get_Version
main
version

Sections

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 499KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c44e2a2c03dd906e4f88417224feef9

Headers

File Characteristics

Imports

shlwapi

wininet

lz32

kernel32

advapi32

ole32

Exports

Exports

Sections

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 499KB - Virtual size: 514KB

.rsrc Size: 1024B - Virtual size: 776B

.reloc Size: 6KB - Virtual size: 6KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 499KB - Virtual size: 514KB

.rsrc
Size: 1024B - Virtual size: 776B

.reloc
Size: 6KB - Virtual size: 6KB