29f4ab4adb104eb6b2b2d9a1326992f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29f4ab4adb104eb6b2b2d9a1326992f3
Size

90KB
MD5

29f4ab4adb104eb6b2b2d9a1326992f3
SHA1

3ec7157c3a5173def7b59e16b2ad03cd12a86200
SHA256

3627e40bf3f5154a9a3b4a403ee0fb59e4a64da7badcccb56dad6f067cd9143c
SHA512

ecbb3f3455d32ac1955dd76451f92f47a0ddac1b422a928d5c68f0e73fccf89d80a9aef250635a39b5d403b7cba75b77f527f781eb36ebafa1bee1d524316c63
SSDEEP

768:Jykb3BgpXWnRadfB1STR2ehHN9J04vwV/o5h5fKHwDS/R+p1Jt0frwsQtvNZuQhB:Jykb3BgpgR0AR24B08wkhNsZ+5ypI3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29f4ab4adb104eb6b2b2d9a1326992f3

Files

29f4ab4adb104eb6b2b2d9a1326992f3
.exe windows:4 windows x86 arch:x86

62f88a97b8cb8a7c203f590514d14fef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
CloseHandle
GetModuleHandleA
CreateThread
GetTickCount
SetEvent
FindVolumeClose
FindClose
VirtualProtect
ReleaseMutex
SearchPathA
ExitProcess
FindAtomA
GetDiskFreeSpaceA
lstrlenA
Sleep
DeleteCriticalSection
GetLastError
FindResourceExA
GetCalendarInfoA

advapi32

CloseEventLog
IsValidSid
LsaClose
CloseTrace
RegCreateKeyExA
LsaFreeMemory
RegLoadKeyA
OpenEventLogA
LsaSetSecret
RegCloseKey
RegEnumKeyExA
AccessCheck
FreeSid
GetFileSecurityA
RegCloseKey

msdtcuiu

DllGetClassObject
DtcPerfOpen
DtcPerfCollect
DllRegisterServer
DtcPerfClose

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE