Static task: static1
Behavioral task: behavioral1
Sample: 9b29b2eb2e2ca1ee5d1cff95dfb856e0.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 9b29b2eb2e2ca1ee5d1cff95dfb856e0.exe
Resource: win10v2004-20231215-en
General
Target: 9b29b2eb2e2ca1ee5d1cff95dfb856e0
Size: 60KB
MD5: 9b29b2eb2e2ca1ee5d1cff95dfb856e0
SHA1: e58552357e052d2487da1bcca1beaa74f23b67a9
SHA256: e7757d41b3ee076048f42ddec61de9adf11d7de2ad758d5214acf189e0dcd49f
SHA512: f4cf6ce6e1b2c3223b5e1d1dfc20b0032e2854cdbc3521ca7b18de19a9aa48b2c1224c0dbddfc6697fcf374c4532e84534f366c9f8413a10fc1a91339872bc58
SSDEEP: 1536:/k+YDa51Y3hHkwyBsa7eGMOMb19Mk4byBP:/km2HNusa7eGM1b19z4byB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9b29b2eb2e2ca1ee5d1cff95dfb856e0
Files
9b29b2eb2e2ca1ee5d1cff95dfb856e0.exe windows:4 windows x86 arch:x86
861dbceabcf3001b9cc8de6174f0468d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeLibrary
GetModuleFileNameA
GetProcAddress
lstrcmpA
GetTimeFormatW
GetSystemDefaultLangID
GetVersionExA
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
SetLastError
LockResource
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
LoadResource
lstrlenA
WaitForSingleObject
IsBadReadPtr
ReleaseMutex
CompareFileTime
CloseHandle
EnterCriticalSection
SystemTimeToFileTime
LeaveCriticalSection
GetLastError
Sleep
GetSystemTime
lstrcpynA
AreFileApisANSI
GetTickCount
GetUserDefaultLCID
LocalAlloc
GetLocaleInfoW
LocalReAlloc
GetCurrentProcess
LocalFree
DeleteFileW
ExpandEnvironmentStringsA
DeleteFileA
LoadLibraryA
LoadLibraryW
CreateProcessA
CreateProcessW
CreateMutexA
CreateMutexW
SearchPathA
SearchPathW
SetFileAttributesA
SetFileAttributesW
FindResourceA
FindResourceW
GetDateFormatW
GetTimeFormatA
ExpandEnvironmentStringsW
GetDateFormatA
HeapAlloc
GetProcessHeap
HeapFree
FreeResource
secur32
DecryptMessage
ExportSecurityContext
AddCredentialsW
SaslEnumerateProfilesW
AddSecurityPackageA
DeleteSecurityContext
RevertSecurityContext
InitializeSecurityContextA
AddSecurityPackageW
AcquireCredentialsHandleA
AcceptSecurityContext
QueryCredentialsAttributesA
SaslGetProfilePackageW
SaslIdentifyPackageA
InitSecurityInterfaceA
EnumerateSecurityPackagesW
SaslEnumerateProfilesA
ImportSecurityContextW
MakeSignature
EncryptMessage
CompleteAuthToken
Sections
.text Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 514B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ