29079120c9a5b15d9f3a9a79ed52627e

Sharing

Copy URL

Twitter E-mail

General

Target

29079120c9a5b15d9f3a9a79ed52627e
Size

490KB
MD5

29079120c9a5b15d9f3a9a79ed52627e
SHA1

803e595a07047eea7182a0407538bcb305e028fd
SHA256

31a90f5b298e7603839fdbfcf368708cfbfb964b34c0454e5424b7d27e1fc8e2
SHA512

439a16afc8cd5c5d4014b303f35f0260ab52094d79f87bb1d74cdbd506e71268ad9b02e7affe6957d5307b9ebc0ae873e456f7250faf51aaf0a98946f4614959
SSDEEP

12288:6FT9xsp60Oj50lA5V2B4zEFQ15HA7S9dwZGI:6FT9xss0OjQ3m1kS9+ZG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29079120c9a5b15d9f3a9a79ed52627e

Files

29079120c9a5b15d9f3a9a79ed52627e
.exe windows:5 windows x86 arch:x86

e0d375919b6dc807a3306cfede605ded

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA

kernel32

GetProcessHeap
Sleep
GetFileAttributesA
GetModuleHandleA
DeleteFileA
WriteFile
lstrcpyA
lstrlenA
WaitForSingleObject
SleepEx
OpenProcess
GetExitCodeProcess
CreateProcessA
TerminateProcess
CreateDirectoryA
lstrcmpiA
GetModuleFileNameA
GetFileSize
SetFilePointer
ReadFile
LoadLibraryExA
GetComputerNameA
GetVolumeInformationA
LocalFree
GetLocalTime
GetVersionExA
MoveFileExA
lstrcatA
GetFullPathNameA
DosDateTimeToFileTime
HeapFree
GetFileTime
LocalFileTimeToFileTime
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
OpenMutexA
HeapAlloc
CreateFileA
OpenFileMappingA
CloseHandle
CreateToolhelp32Snapshot
CreateFileMappingA
Process32Next
LoadLibraryA
GetProcAddress
GetLastError
WideCharToMultiByte
ExpandEnvironmentStringsA
Process32First
InterlockedDecrement
GetCPInfo
FreeLibrary
lstrcpynA
MapViewOfFile
LCMapStringA
SetFileTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
GetStdHandle
SetHandleCount
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
GetFileType
GetConsoleCP
GetConsoleMode
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
TlsGetValue
LCMapStringW

user32

FindWindowA
IsWindow
SendMessageA
EndPaint
GetMessageA
GetClassNameA
RegisterClassExA
GetWindowThreadProcessId
LoadStringA
BeginPaint
TranslateMessage
CreateWindowExA
TranslateAcceleratorA
PostQuitMessage
DefWindowProcA
LoadAcceleratorsA
ShowWindow
DispatchMessageA
IsWindowVisible
UpdateWindow
EnumWindows

advapi32

ConvertSidToStringSidA
LookupAccountNameA
RegDeleteKeyA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
QueryServiceStatus
CloseServiceHandle
OpenServiceA

shell32

SHGetFolderPathA

oleaut32

VariantClear

shlwapi

PathFileExistsA
StrStrIA
wnsprintfA
StrToIntA
StrChrA
SHDeleteKeyA
StrNCatA

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0d375919b6dc807a3306cfede605ded

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

advapi32

shell32

oleaut32

shlwapi

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 15KB - Virtual size: 25KB

.cdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 306KB - Virtual size: 305KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 15KB - Virtual size: 25KB

.cdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 306KB - Virtual size: 305KB

.reloc
Size: 10KB - Virtual size: 10KB