29eac9b295488a1d81f027a63528d560N

Sharing

Copy URL

Twitter E-mail

General

Target

29eac9b295488a1d81f027a63528d560N
Size

692KB
MD5

29eac9b295488a1d81f027a63528d560
SHA1

848fc1ccd8a35d0550561616891f00ab4f4c91a0
SHA256

df61ee8f7b4607405b5f94f35b73d3341b50c49aba2c7b063933ca2fa84ae7b0
SHA512

110554c2ef75e4a6f953e71d1c8835536b7974118bd817f1fc3d0096f3e4afa3f0fca6d2027d524d07fb5784bef55186547280f7d4fd3868b26c509241f2c4ec
SSDEEP

12288:UVvZ0xSS8A9BXnPzdidRQkJrKUwQRYDzPxmc+aQH+6bNCyfU/c4sa7g7R+oWdRxc:8Z0xSS99NnrodukJOUv8zPka++6BfUwz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29eac9b295488a1d81f027a63528d560N

Files

29eac9b295488a1d81f027a63528d560N
.exe windows:6 windows x86 arch:x86

660b587f557da48c29bdacdf5e783730

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wvnsprintfW
wvnsprintfA
StrToInt64ExA
PathCombineW

kernel32

GetModuleFileNameW
CreateMutexW
GetLocaleInfoA
CreateEventW
GetTimeZoneInformation
GetLastError
LockResource
CloseHandle
GetSystemInfo
LoadResource
FindResourceW
GetLocalTime
GetCurrentDirectoryW
ExitProcess
GetComputerNameW
GlobalMemoryStatusEx
CreateProcessW
GetTickCount
ReadFile
FindFirstFileW
GetFileSizeEx
FindNextFileW
WriteFile
FindClose
CreateFileW
GetFileAttributesW
SetFilePointerEx
GetFileSize
GetTempFileNameW
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetVolumeInformationW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetUserDefaultLangID
GetFullPathNameA
SetEndOfFile
UnlockFileEx
WaitForSingleObject
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
DeleteCriticalSection
GetCurrentProcessId
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
GetFileInformationByHandle
FileTimeToSystemTime
GetConsoleCP
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleA
LocalFree
GetTempPathW
GlobalUnlock
CopyFileW
GlobalLock
DeleteFileW
GetConsoleMode
DecodePointer
WriteConsoleW
SetFilePointer
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
DuplicateHandle
GetCurrentProcess
SwitchToThread
GetCurrentThread
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
CreateTimerQueue
SetEvent
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RaiseException
RtlUnwind
ExitThread
GetModuleHandleExW
GetStdHandle
GetFileType
CompareStringW
LCMapStringW
FindFirstFileExW

user32

EnumDisplayDevicesW
GetKeyboardLayoutList
GetSystemMetrics

advapi32

CryptGetHashParam
CredEnumerateW
CredFree
OpenProcessToken
GetUserNameW
GetTokenInformation
CryptDestroyKey
CryptAcquireContextW
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptSetKeyParam
CryptImportKey
CryptReleaseContext

ole32

CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx
GetHGlobalFromStream

Sections

.text
Size: 555KB - Virtual size: 555KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

660b587f557da48c29bdacdf5e783730

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

ole32

Sections

.text Size: 555KB - Virtual size: 555KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 11KB - Virtual size: 446KB

.rsrc Size: 1024B - Virtual size: 608B

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 555KB - Virtual size: 555KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 11KB - Virtual size: 446KB

.rsrc
Size: 1024B - Virtual size: 608B

.reloc
Size: 20KB - Virtual size: 20KB