429c84a5241672b4d5296b0615c38542

General

Target

429c84a5241672b4d5296b0615c38542
Size

44KB
MD5

429c84a5241672b4d5296b0615c38542
SHA1

f3b93ac72ce64248a891d72275dcc70810379994
SHA256

abadf3f86ac71d16f97d2791ea7d297d644b645ad8e5aa3ff9a639f8b1a5f96b
SHA512

f091f6d99da315625205ed186e7921b01d449cee9b204bea51c7364007b9b7f8c7661435b2769b2a3c3bd5e1a53bb3e56e27d256008beee59c24ab643b298db9
SSDEEP

768:rQJZcRoU4MXJNwrQHbQ+p8XhDzBxQAtaYHJoai:MEFUrQHE+pAHvLpo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
429c84a5241672b4d5296b0615c38542

Files

429c84a5241672b4d5296b0615c38542
.exe windows:4 windows x86 arch:x86

c441bcb04bd7c804d761d34199e22957

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
lstrlenA
LoadLibraryA
lstrcpyA
GetModuleFileNameA
lstrcatA
GetSystemDirectoryA
GetModuleHandleA
FreeLibrary
CopyFileA
GetVersion
GetCPInfo
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
WriteFile
RtlUnwind
HeapFree
CloseHandle
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetFilePointer
LCMapStringW
LCMapStringA
ReadFile
GetLastError
GetOEMCP
GetACP
GetSystemTime
GetLocalTime
GetEnvironmentStrings
FreeEnvironmentStringsW
HeapCreate
HeapDestroy
GetFileType
SetFileAttributesA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetTimeZoneInformation
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetCommandLineA
VirtualFree
ExitProcess
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

user32

UpdateWindow
ShowWindow
CreateWindowExA
GetMessageA
DefWindowProcA
CharToOemA
wvsprintfA
wsprintfA
SetTimer
KillTimer
PostQuitMessage
DispatchMessageA
TranslateMessage
RegisterClassExA

shell32

ShellExecuteA

wsock32

ioctlsocket
WSAStartup
recv
send
socket
WSAGetLastError
gethostbyaddr
gethostbyname
htons
gethostname
connect
closesocket

rasapi32

RasEnumEntriesA
RasGetEntryDialParamsA
RasGetEntryPropertiesA

advapi32

RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
GetUserNameA
RegCreateKeyExA

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c441bcb04bd7c804d761d34199e22957

Headers

File Characteristics

Imports

kernel32

user32

shell32

wsock32

rasapi32

advapi32

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 100KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 100KB