29ea1b6e8070fb3756fa3c7566ba72fc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29ea1b6e8070fb3756fa3c7566ba72fc
Size

36KB
MD5

29ea1b6e8070fb3756fa3c7566ba72fc
SHA1

5dad189abf715b852f47edf4d639f5ad6f9ad4f5
SHA256

7823698409b4c4a3f50b5fd19a17651da9abbe57734843a36f67200cee059f0a
SHA512

359c04642f6deecfe505067d0d7520283095a8fc54d0cd2015e4452a5b3d04ae91aaae7ad740c53d45830e5912f1c490b28aa8b5e3a43ce74942869f760da864
SSDEEP

384:ecEJ7Ew3SlaCdmBk7ZJ8z9sGsNfS2XNVi2yejnWm04t:SJQsSltyk1J8z9sN/NDSm04t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29ea1b6e8070fb3756fa3c7566ba72fc

Files

29ea1b6e8070fb3756fa3c7566ba72fc
.exe windows:4 windows x86 arch:x86

a38d8ceaf830e0e7464c8579f8765d2d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
WinExec
GetTempPathA
ExitProcess
GetLastError
CreateMutexA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
GetStringTypeW

shlwapi

PathFileExistsA

urlmon

URLDownloadToFileA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE