29aae1645f627d9621f8a0cbcc72876e

General

Target

29aae1645f627d9621f8a0cbcc72876e
Size

140KB
MD5

29aae1645f627d9621f8a0cbcc72876e
SHA1

1460b03a748e114f3bfc62eff3290729700901f5
SHA256

fa0d4585aac314d370386f8fdf8eb83dbad25cb22b571dd8a8a9abbd9a635905
SHA512

6b1c785d12b5dad8b01fbb0a4eb1bc5e5c81568a7cb8cdc079192217075be2eeeacb827f9650478370f9b0d706c9fa0b4227d9932d2818ff19403453121434c1
SSDEEP

3072:b1avQJ7ZoKRGXf2N5dqQiY1S7G0xp2coA:b1a4JWpwD1SRxpf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29aae1645f627d9621f8a0cbcc72876e

Files

29aae1645f627d9621f8a0cbcc72876e
.exe windows:5 windows x86 arch:x86

7d5a0995e4c6845b77a93879a862df22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetProcAddress
LoadLibraryA
FindAtomA
CloseHandle
VirtualAlloc
ReadFile
SetFilePointer
GetFileSize
CreateFileA
GetModuleFileNameA
GetCurrentProcessId
lstrlenA
GetTempPathA
HeapAlloc
GetProcessHeap
HeapFree
LCMapStringW
LCMapStringA
GetModuleHandleW
ExitProcess
RtlUnwind
RaiseException
GetCommandLineA
GetStartupInfoA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
HeapReAlloc
HeapCreate
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW

shlwapi

wnsprintfA

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d5a0995e4c6845b77a93879a862df22

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 35KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 35KB

.rsrc
Size: 4KB - Virtual size: 3KB