29d5f479c73477b38d82bec91770639b

Sharing

Copy URL

Twitter E-mail

General

Target

29d5f479c73477b38d82bec91770639b
Size

120KB
MD5

29d5f479c73477b38d82bec91770639b
SHA1

f479e92ac82a030757dc428b1bca910630f3a52b
SHA256

8e13a895419523313498749c0d43174e74263983f209d3f67f77b53c0d016561
SHA512

d5f2c3786283efec1254c2a046e256c0af913c21c8028cf29df68ec94d892edddafedcb4df9d8acf1ce4d49591afd7240f6c0c05af3cb593a3491cc5397f51c5
SSDEEP

1536:d/EfPPYa2i79wjuT+UjAgAbK/1X1ARCFlCtHqdnuAXOfWiyNYjkfRFX477SxBrxb:d/2PPY9iNjh5llCtH0iyCeRJh+Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29d5f479c73477b38d82bec91770639b

Files

29d5f479c73477b38d82bec91770639b
.exe windows:4 windows x86 arch:x86

89f71392d4ac901e145965a6861621a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
LoadLibraryW
GetSystemDirectoryW
GetVersionExW
GetModuleFileNameW
lstrcmpiW
CopyFileW
DeleteFileW
SetFileAttributesW
SetLastError
GetLastError
GetFileAttributesW
Sleep
lstrlenW
GlobalFree
WaitForSingleObject
OpenEventW
lstrlenA
LockResource
LoadResource
FindResourceW
OutputDebugStringW
GetCommandLineW
LCMapStringA
GetLocaleInfoA
GetSystemInfo
GetComputerNameW
lstrcpyW
FreeLibrary
CloseHandle
CreateFileW
lstrcatW
GetProcAddress
MultiByteToWideChar
HeapFree
GetProcessHeap
lstrcmpW
HeapAlloc
VirtualProtect
HeapSize
SetConsoleCtrlHandler
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
LCMapStringW
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualQuery
ExitProcess
RtlUnwind
GetModuleHandleA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
WriteFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
LoadLibraryA
InterlockedExchange

user32

LoadStringW
wsprintfW

advapi32

StartServiceW
ControlService
CreateServiceW
QueryServiceConfigW
ChangeServiceConfigW
EnumDependentServicesW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
DeleteService

shell32

CommandLineToArgvW

ole32

CoCreateGuid
StringFromGUID2

odbc32

ord13
ord18
ord4
ord9
ord111
ord24
ord141
ord136
ord26
ord31
ord75

mpr

WNetCancelConnection2W

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

89f71392d4ac901e145965a6861621a4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

odbc32

mpr

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 19KB

.rsrc Size: 52KB - Virtual size: 52KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 19KB

.rsrc
Size: 52KB - Virtual size: 52KB