29b7ad08d49e8d4436a33d36fe06de9d

Sharing

Copy URL Twitter E-mail

General

Target

29b7ad08d49e8d4436a33d36fe06de9d
Size

151KB
MD5

29b7ad08d49e8d4436a33d36fe06de9d
SHA1

b8193866647cb31bc707e631fa72e2be2e753dd6
SHA256

75f91e7d4d869c93a3aa4f3f718a2e0f31eb2fae98e58b680c067d2f2ae6554f
SHA512

1e87f3de64076194cdae3520b774798506da51977b189dd0c47af35a4cb907da647fc04beb351b29f80cbe42e596d23f4d869e3a7c29fe8beca5eb493c36157d
SSDEEP

3072:5jEzpRHIu5ma/zCMTvq42JmJbm9bjTUDSfRNusXCPgtMgfjQa:5y7HN5maTJ26AYDSZNugbtb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29b7ad08d49e8d4436a33d36fe06de9d

Files

29b7ad08d49e8d4436a33d36fe06de9d
.exe windows:5 windows x86 arch:x86

c1095c88c30bab96b3a665df9a110994

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyA
StartServiceA
RegOpenKeyA
RegOpenKeyW
RegQueryValueExW
OpenSCManagerA
RegCloseKey
QueryServiceStatus
RegOpenKeyExA
RegQueryValueExA
ChangeServiceConfigA
OpenServiceA
CloseServiceHandle
RegSetValueExA

user32

wsprintfA

ntdll

RtlUshortByteSwap
NtCreateDebugObject
NtAllocateVirtualMemory

setupapi

SetupDiDestroyDeviceInfoList
SetupCloseInfFile
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsA
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsW
SetupPromptForDiskA
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupGetSourceFileLocationA
SetupGetSourceInfoA
SetupOpenMasterInf
SetupDiCallClassInstaller

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

tapi32

lineGetDevCapsW
lineShutdown
lineInitializeExW
lineOpen
lineGetID
lineClose
lineNegotiateAPIVersion

kernel32

GetModuleHandleA
lstrcmpiW
GetCPInfo
VirtualAlloc
GlobalFree
HeapReAlloc
lstrcpyA
HeapFree
GetTickCount
LCMapStringA
ExitProcess
GetLocaleInfoA
GetTempPathW
GlobalAlloc
LoadLibraryA
FreeLibrary
lstrlenA
LoadLibraryW
GetStringTypeA
GetVersionExA
GetProcAddress
HeapAlloc
lstrcmpA
FormatMessageA
CloseHandle
WideCharToMultiByte
GetProcessHeap
WriteFile
Sleep
VirtualQuery
LCMapStringW
CreateDirectoryW
GetSystemInfo
VirtualProtect
VirtualFree
GetTempFileNameW
lstrlenW
lstrcmpiA
GetShortPathNameW
CreateFileA
GetLastError
MultiByteToWideChar

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1095c88c30bab96b3a665df9a110994

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

ntdll

setupapi

ole32

tapi32

kernel32

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 6KB - Virtual size: 352KB

.rdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 137KB - Virtual size: 136KB

.reloc Size: 512B - Virtual size: 24B

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 6KB - Virtual size: 352KB

.rdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 137KB - Virtual size: 136KB

.reloc
Size: 512B - Virtual size: 24B