629e85d24ad562addb6afa7a26466de0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

629e85d24ad562addb6afa7a26466de0
Size

249KB
MD5

629e85d24ad562addb6afa7a26466de0
SHA1

34c83e75c3fcef561e36ba1c0d7eacbdc3f081c2
SHA256

55b95f5af3d683d101c07f92d70673bc49b898abfdf1c7d93ce01f233ee55428
SHA512

30c69281d408c454254c0e795406f1232cce577f7ee2e8d770fb41f35af0958e656ad5b9e13159172b8428dd44c02dd4f8ccc5740885cf0c4617dfe29ee34a28
SSDEEP

6144:WAC7p/mXYZiFudvV8Bwq/H0ZkavDDqH42z:WzJZd1YHSvDD+h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
629e85d24ad562addb6afa7a26466de0

Files

629e85d24ad562addb6afa7a26466de0
.exe windows:4 windows x86 arch:x86

40f4ede7b0a5820bcd13436011429cae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
FindClose
SetEndOfFile
GetModuleHandleA
CreateFileA
DeleteFileA
FindAtomA
ReleaseMutex
ResetEvent
IsBadCodePtr
GetFileSize
HeapSize
GetEnvironmentVariableA
InitializeCriticalSection
HeapDestroy
GetTickCount
GetCurrentDirectoryA
ExitProcess
FindClose
HeapCreate
ResumeThread
SetFileAttributesA
WaitForSingleObject
GetTickCount
GetStartupInfoW

wininet

DeleteUrlCacheEntryA
FindCloseUrlCache
FtpFindFirstFileA
FtpGetFileA
FtpPutFileA
HttpEndRequestA
FtpGetCurrentDirectoryA
FtpDeleteFileA
FtpCreateDirectoryA
DeleteUrlCacheEntryA
DeleteUrlCacheEntryA
HttpQueryInfoA
FtpOpenFileA

qmgrprxy

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ