29fd478466f115df576c4811696648b0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29fd478466f115df576c4811696648b0
Size

17KB
MD5

29fd478466f115df576c4811696648b0
SHA1

4097be31ace5c80bc0cd105de0d157f6e40a341d
SHA256

48ff48c2506e590ab6e83efcc4061277bfd428c7ec83d96ed44763719ca6f9df
SHA512

ec0bf8bbe67acd56fd707bff176d7b40ac3d589706bffae6821a45b5c10c99fec12e0738f2e2f924a342f67a23e812174e91f6caa51afe32670e87dbb30c41f8
SSDEEP

384:7ra1oZhsjV95GPQKJ9anuVCTae+kszAqe2:i1oZhsjr5GrJ0uATaHkkAX2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29fd478466f115df576c4811696648b0

Files

29fd478466f115df576c4811696648b0
.exe windows:4 windows x86 arch:x86

cfcc6e72d28fdcbaac1f20fa2d3c4dd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
lstrlenA
Sleep
lstrcmpA
FindClose
FindNextFileA
UnmapViewOfFile
FindFirstFileA
lstrcatA
lstrcpyA
FreeLibrary
VirtualAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GetFileSize
CloseHandle
SetPriorityClass
GetCurrentProcess
CreateProcessA
WriteFile
LockResource
LoadResource
FindResourceA
CopyFileA
GetSystemDirectoryA
GetSystemTime
GetCurrentProcessId
HeapAlloc
GetVersion
GetEnvironmentVariableA
ExpandEnvironmentStringsA
CreateFileA
GetProcessHeap
CreateFileMappingA
MapViewOfFileEx
CreateThread
GetModuleFileNameA
GetModuleHandleA
ExitProcess
TerminateProcess

user32

wsprintfA

advapi32

RegFlushKey
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyA
RegQueryValueExA

ws2_32

bind
connect
htons
inet_addr
gethostbyname
socket
accept
recv
listen
send
htonl
WSAGetLastError
__WSAFDIsSet
ioctlsocket
select
WSAStartup
closesocket
inet_ntoa

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ