App_02029[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

App_02029.exe
Size

24.0MB
MD5

d70f85f28f5abe2f9d3225dac96f7577
SHA1

188e2d2856afabb238f983ac7cb67b9bc9359e78
SHA256

5b127d4b0c8c94a49ceaa5417511987d681879f5104af85dacd69e8fc49b6574
SHA512

a795c515ddd944bcd3f6b42d61df4b6a617721956ed46ac64dcdd18be436aab50ceb579a7c1fc9e0d91708a62f701b814a07099db66b68ffc1bf6626331e36e0
SSDEEP

393216:weun/sw/hb0kGcd+yS1Af3EZxRZndSk9bGWqCgu5op+wiCYCr2sfqisfUv:wei0kGcd+yS1Af3KEkTqA5a+Nc2sfqVq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
App_02029.exe

Files

App_02029.exe
.exe windows:6 windows x86 arch:x86

d8359e6572c0fb9f719d599358e232e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
DuplicateHandle
GetConsoleOutputCP
GetCurrentProcess
InterlockedPushEntrySList
LocalFree
GetCurrentThread
SetPriorityClass
GetCPInfo
GetLogicalProcessorInformation
CreateThread
FreeLibraryAndExitThread
GlobalAlloc
ReadConsoleW
GetLocaleInfoW
UnregisterWait
EnterCriticalSection
FlushFileBuffers
GetEnvironmentVariableA
FileTimeToSystemTime
DeleteTimerQueueTimer
LoadLibraryExW
FreeLibrary
GetDriveTypeW
HeapReAlloc
VerSetConditionMask
ExitThread
RegisterWaitForSingleObject
SetEvent
GetModuleFileNameW
RemoveDirectoryW
IsValidLocale
SwitchToThread
CreateDirectoryW
FormatMessageW
GetCommandLineA
ReleaseSemaphore
TryEnterCriticalSection
lstrlenA
TlsSetValue
InitializeCriticalSection
GetFileSize
TlsFree
ChangeTimerQueueTimer
GetFullPathNameW
GetCurrentThreadId
WriteFile
GetModuleHandleA
QueryPerformanceCounter
WriteConsoleW
GetVersionExW
IsValidCodePage
Sleep
SystemTimeToTzSpecificLocalTime
GetCommandLineW
VirtualAlloc
PeekNamedPipe
GlobalUnlock
GetLogicalDriveStringsW
SetFilePointer
UnhandledExceptionFilter
SetStdHandle
AcquireSRWLockExclusive
GetFileAttributesExW
GetTickCount64
CreateEventW
CompareFileTime
SetFilePointerEx
DeleteCriticalSection
RaiseException
GetProcessHeap
InterlockedFlushSList
FindNextFileW
LeaveCriticalSection
WideCharToMultiByte
GlobalLock
FreeEnvironmentStringsW
TerminateProcess
GetThreadTimes
SetEnvironmentVariableW
GetSystemTimeAsFileTime
VerifyVersionInfoW
GetNumaHighestNodeNumber
SleepEx
TlsAlloc
GetCurrentDirectoryW
ResetEvent
SignalObjectAndWait
FileTimeToLocalFileTime
GetConsoleMode
EncodePointer
FindFirstFileW
InitializeSListHead
SetEndOfFile
InitializeCriticalSectionEx
GlobalMemoryStatus
GetDateFormatW
InterlockedPopEntrySList
CreateSemaphoreW
SetLastError
GetFileSizeEx
GetVersion
HeapSize
FindFirstFileExW
SetThreadAffinityMask
IsProcessorFeaturePresent
GetFileAttributesW
CloseHandle
DecodePointer
SetFileAttributesW
ExitProcess
InitializeCriticalSectionAndSpinCount
VirtualProtect
LoadLibraryW
GetOEMCP
lstrcatA
LCMapStringW
GetProcAddress
DeleteFileW
GetModuleHandleExW
QueryDepthSList
GetCurrentProcessId
GetACP
GetThreadPriority
EnumSystemLocalesW
GetLastError
FindClose
GetStdHandle
MultiByteToWideChar
GetTimeFormatW
GetSystemDirectoryW
ReadFile
GlobalFree
WaitForMultipleObjects
TlsGetValue
GetSystemInfo
CreateTimerQueue
MoveFileW
GetFileType
GetFileInformationByHandle
GetTimeZoneInformation
GetStringTypeW
CreateFileW
GetModuleHandleW
GetEnvironmentStringsW
IsDebuggerPresent
GetStartupInfoW
SetThreadPriority
HeapAlloc
ReleaseSRWLockExclusive
UnregisterWaitEx
QueryPerformanceFrequency
MoveFileExW
RtlUnwind
CompareStringW
WaitForSingleObjectEx
GetProcessAffinityMask
SetFileTime
GetTickCount
WaitForSingleObject
GetUserDefaultLCID
CreateTimerQueueTimer
HeapFree
VirtualFree

user32

GetParent
SetTimer
MoveWindow
CheckDlgButton
GetKeyState
ShowWindow
CloseClipboard
DialogBoxParamW
GetMonitorInfoA
GetWindowTextW
GetWindowTextLengthW
GetFocus
GetWindowLongW
SetWindowTextW
SetFocus
IsDlgButtonChecked
LoadIconW
SendMessageW
GetWindowRect
MessageBoxA
EndDialog
MonitorFromWindow
InvalidateRect
ScreenToClient
CharUpperW
wsprintfA
PostMessageW
KillTimer
SetWindowLongW
LoadStringW
EmptyClipboard
SetCursor
SystemParametersInfoW
EnableWindow
SetDlgItemTextW
OpenClipboard
MessageBoxW
LoadCursorW
MapDialogRect
SetClipboardData
GetDlgItem

advapi32

CryptGetHashParam
CryptHashData
CloseServiceHandle
CryptEncrypt
CryptImportKey
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptDestroyKey

shell32

SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetFileInfoW

ole32

OleInitialize
CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen

bcrypt

BCryptGenRandom

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
PFXImportCertStore
CertFindCertificateInStore
CertAddCertificateContextToStore
CryptStringToBinaryW
CertGetNameStringW
CertCloseStore
CertOpenStore
CertFreeCertificateChain
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateContext
CertFindExtension
CryptDecodeObjectEx
CertEnumCertificatesInStore

wldap32

ord73
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27

ws2_32

recvfrom
sendto
getpeername
ioctlsocket
gethostname
freeaddrinfo
WSAEventSelect
getsockopt
send
WSAResetEvent
WSACloseEvent
WSAEnumNetworkEvents
socket
WSAIoctl
WSACreateEvent
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
WSAWaitForMultipleEvents
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
getaddrinfo

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8359e6572c0fb9f719d599358e232e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 275KB - Virtual size: 275KB

.data Size: 13KB - Virtual size: 34KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 96KB - Virtual size: 96KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 275KB - Virtual size: 275KB

.data
Size: 13KB - Virtual size: 34KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 96KB - Virtual size: 96KB