299a6ebde3956309c59fc793a6e05870N[.]exe | Triage

Sharing

General

Target

299a6ebde3956309c59fc793a6e05870N.exe
Size

2.0MB
MD5

299a6ebde3956309c59fc793a6e05870
SHA1

76188082d6037dd2989c36e56f9acbcdc731e867
SHA256

2e2eea52f25b60e8db910c5a19a5815357b0ed9ada9eeffc6495184e5cb951f3
SHA512

e0e2ced0fd82719f6e43cf3532f29a141915b7f350596edfd1bb7b74d43b167bf2bbdb8400e889f0bdb51e282586e1c9c003ac5a693bcb6467257d8b42a5376d
SSDEEP

49152:v3t9WTixjjEDKAKdCY7h39m2DdAgJzZUn8QyfkNIP98h:vd9WsjrhJDzJzbQjmih

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
299a6ebde3956309c59fc793a6e05870N.exe

Files

299a6ebde3956309c59fc793a6e05870N.exe
.dll windows:5 windows x86 arch:x86

2761a0a25ccae6e9216943693d06e09b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

ExcludeClipRect
SetTextColor
CreateColorSpaceW

advapi32

CreateRestrictedToken

wininet

InternetAttemptConnect

msvcrt

strspn
putc
wcscoll

esent

JetBeginTransaction

oleaut32

VarI2FromStr

crypt32

CryptSIPCreateIndirectData

kernel32

GetBinaryTypeW
GetProcessId
TerminateJobObject
GetModuleFileNameW
LoadLibraryA
AssignProcessToJobObject
SetCommBreak
SetStdHandle
EnterCriticalSection
QueryPerformanceCounter
OutputDebugStringA
GetStringTypeW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA

user32

GetUpdateRgn
ActivateKeyboardLayout

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ