6e29cd9680ec53393e1727a29442a33a

Sharing

Copy URL Twitter E-mail

General

Target

6e29cd9680ec53393e1727a29442a33a
Size

108KB
MD5

6e29cd9680ec53393e1727a29442a33a
SHA1

fa09417850c86560c914f49ddd06ca2404d12a4c
SHA256

e84d7a2f862939168ba95bba1767c1117152b1fccfc8fcb6aa33e669ae09cb5d
SHA512

f214d74ba0319f8178fb5b0dc29cff4973d72818d0c6b092aa588449928cfd9753dba64ca4f845d7042b2b0b8f1087c84656055049df81bef7bddd4815034a50
SSDEEP

1536:u44GLwDAtW+Nm3unr3ATfTFTo/37VszBNuh7evkEMkJcOrPjxpuy1TgjHYFFK:uZ2wUNNm3u7w5M+3uhavkGtjyNk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e29cd9680ec53393e1727a29442a33a

Files

6e29cd9680ec53393e1727a29442a33a
.dll windows:4 windows x86 arch:x86

f080022b01baab52649a55eeee38c61d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
LocalReAlloc
FindClose
FindNextFileW
CompareStringW
lstrcmpiW
GetEnvironmentVariableW
FindCloseChangeNotification
CloseHandle
Sleep
WaitForMultipleObjects
FindNextChangeNotification
CreateEventW
FindFirstChangeNotificationW
ResumeThread
SetThreadPriority
CreateThread
WaitForSingleObject
LocalAlloc
WriteFile
WideCharToMultiByte
GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
GetFileType
GetStdHandle
FormatMessageW
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
UnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
GlobalFree
DisableThreadLibraryCalls
lstrlenW
GetCommandLineA
LocalFree
VirtualProtect

user32

GetDlgItem
PostMessageW
SendMessageW
LoadStringW
PostQuitMessage
LoadIconW
DefWindowProcW
DialogBoxParamW
KillTimer
DestroyIcon
SetTimer

advapi32

RegOpenKeyExW
RegNotifyChangeKeyValue
RegCloseKey

rpcrt4

NdrCStdStubBuffer2_Release
NdrDllGetClassObject

msvcrt

wcslen
wcsncpy
wcscpy
wcscat
realloc
wcsrchr
wcschr
log
_adjust_fdiv
wcscmp
wcsstr
_CxxThrowException
memcpy
_except_handler3
_initterm
exit
_XcptFilter
_cexit
setlocale
_wcsnicmp
_ultow
malloc
free
_amsg_exit

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f080022b01baab52649a55eeee38c61d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

rpcrt4

msvcrt

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB