e05b29ab19352f052f85a10ccc0d5295 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e05b29ab19352f052f85a10ccc0d5295
Size

216KB
MD5

e05b29ab19352f052f85a10ccc0d5295
SHA1

ba529b17cfee19f193d4177b1a5179cb933bc0ee
SHA256

1344da38d857d4772d1794c9c1d49200ac493122e7f44f13e566e6865d09c3ff
SHA512

35717ad2615c920ead7a6246873e3a189decaa871dcbe7941d3bf497372d764a356c3286c6fbd6f55d2b469ae86c2a9fb0637293d7b07dda087044f0cfa540d9
SSDEEP

3072:EUZLOuCoP2nfKc5B3o5e0DOTbvRuq6Ju85HW3gEpTaK2EhMm1:EUZL/WfKcjYKbvRgZUp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e05b29ab19352f052f85a10ccc0d5295

Files

e05b29ab19352f052f85a10ccc0d5295
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

2b639c654f3aa6aaf89c3b69ed5e1e84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
AddConsoleAliasA
WaitForSingleObjectEx
Module32Next
GetCurrentDirectoryA
RaiseException
GetProcessId
GlobalSize
IsBadHugeWritePtr
SetLocalTime
ReleaseSemaphore
GetTapePosition
SetProcessWorkingSetSize
SetFileShortNameA
VirtualAllocEx
OpenEventA
GetComputerNameA
lstrcpy
LZInit
ClearCommError
GetNamedPipeHandleStateA
EnumSystemLocalesA
GetConsoleCursorInfo
WriteConsoleOutputAttribute
GetDefaultCommConfigA
SetDefaultCommConfigA
GetConsoleCursorMode
ResetEvent
GetSystemRegistryQuota
GetLogicalDriveStringsA

wininet

InternetGetConnectedStateExA
InternetUnlockRequestFile
ResumeSuspendedDownload
InternetQueryDataAvailable
FtpSetCurrentDirectoryW
InternetCrackUrlA
FtpSetCurrentDirectoryW
FtpRemoveDirectoryW

Sections

INIT
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 204KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ