c29085e1797b2380eccec09bbc3c9bc6 | Triage

Sharing

General

Target

c29085e1797b2380eccec09bbc3c9bc6
Size

330KB
MD5

c29085e1797b2380eccec09bbc3c9bc6
SHA1

2006bb6cc003d0582f7a69d6319daf76df1682af
SHA256

39497374c90b2e3b9c728e985d47d221529cacbba8b7e252759170c8480d9e20
SHA512

bf85ba74c0f3cdbda9cd30917e17f35cabc857306304be5fe794dd08193dcaaf86756e14df7aa432c34a9b0b59d40bb846e0bb4b883ddda9a4d9ada72ad3e722
SSDEEP

6144:qgLHnviIkzIsHFd1ZN6a4p8EuOHcjEoeuNzlE5EjuMcd9YX+zl1JzV1LTGNCj1j:qUHvEzI+b1aa4p7uPjEhu3EckdSQ1Jz1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c29085e1797b2380eccec09bbc3c9bc6

Files

c29085e1797b2380eccec09bbc3c9bc6
.exe windows:4 windows x86 arch:x86

98e2f25a49b081b329d7b64f07ed201e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
lstrlenA
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
GetModuleHandleA
GetProfileIntA
GlobalUnlock
GetVersion
VirtualProtect
SuspendThread
GetConsoleCP
LoadLibraryExA
GetTickCount
GetSystemDefaultLangID
HeapCreate
HeapReAlloc
GetCommandLineA
GetStdHandle
AddAtomA
CompareFileTime

user32

InvertRect
FindWindowA
CreateIcon
EnableScrollBar
GetMenuStringA
SubtractRect
InsertMenuA
DestroyMenu
MessageBoxA
CreateMenu
IsDialogMessage
DrawCaption
CreateCaret
GetKeyState
SetWindowPos
EqualRect
CopyRect
GetKeyboardLayout
ModifyMenuA
CreateCursor
CopyImage
DispatchMessageA
SetPropA
GetDlgItem
DialogBoxParamA

netapi32

DsGetDcNextA
DsGetDcNameA
DsRoleFreeMemory
DsGetDcOpenA
DsRoleCancel

wldap32

ldap_add

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ