c129cb8a494126f55916914549dd1f65 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c129cb8a494126f55916914549dd1f65
Size

755KB
MD5

c129cb8a494126f55916914549dd1f65
SHA1

d4ffc0920bc5fd96f7d7ce9ebe8cfc62997fba02
SHA256

e010c16c40cd6fb53aa883d6e7381e17099bf4844d34ed48ada26c7899158b25
SHA512

4391eb8330d8f5088998b05b1730b3c84e04964489827b049c9c098b068d8ea0746b74d975971c618a0b25217082c7c979fd352e98e8082dcc0aaf203e9dae09
SSDEEP

12288:21y4FB8iguszoa9LdKnpLfRSMs6QlqDJUpDPAkCQPr/4I2ZIOgLXHSfqWqYs/lui:2ln1pra5dsRq6QOJHkhPl2y3u8RYpY4s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c129cb8a494126f55916914549dd1f65

Files

c129cb8a494126f55916914549dd1f65
.exe windows:4 windows x86 arch:x86

d4ff4e9520d2b9d618be12fecec0c0ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
LoadResource
SizeofResource
FindResourceA
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
DeleteFileA
Sleep
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetStartupInfoA
LockResource
lstrcpyA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA

lz32

LZCopy
LZOpenFileA
LZClose

user32

MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ