14ab9d10ae3bfa2713fba2eb8910d0fec864592adf5681dc5b403c66ed93e918

Sharing

Copy URL

Twitter E-mail

General

Target

14ab9d10ae3bfa2713fba2eb8910d0fec864592adf5681dc5b403c66ed93e918
Size

1.6MB
MD5

76bc6ff03a3fe22b6d215616d1020de4
SHA1

76f37364fcc31e4fb1ed1b7bd1aeecb9ff1931c0
SHA256

14ab9d10ae3bfa2713fba2eb8910d0fec864592adf5681dc5b403c66ed93e918
SHA512

421ee961dccc7000ad6e9baa1ace3c364149c5358586c6605312ae3d69743d5730043229de7d5c34322c214fdb73dcc278cace55fdee4eaaa4052e91522732ae
SSDEEP

24576:Cr0h2nQMxYuYGpaNI6//FR1ioXE4nYTRC+rvnwRgsHmQZg/Ozs:Cr0h2/OtRYoXlY1CdWsDZg/Og

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14ab9d10ae3bfa2713fba2eb8910d0fec864592adf5681dc5b403c66ed93e918

Files

14ab9d10ae3bfa2713fba2eb8910d0fec864592adf5681dc5b403c66ed93e918
.exe windows:5 windows x86

7bc8ac1e9ca7b93131ea14c77e85caf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

GetUserNameExW

netapi32

NetApiBufferFree
NetUserDel
NetUserGetInfo
NetUserAdd
NetUserSetInfo
NetGetDCName

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSAStartup
getaddrinfo
socket
connect
closesocket
WSAGetLastError
select
recv
send
WSACleanup

advapi32

RegDeleteKeyW
GetAclInformation
GetAce
DeleteAce
LookupAccountNameW
LsaOpenPolicy
SetNamedSecurityInfoW
LogonUserW
ControlService
DeleteService
CreateServiceW
ChangeServiceConfig2W
StartServiceW
OpenSCManagerW
OpenServiceW
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceObjectSecurity
CloseServiceHandle
QueryServiceStatusEx
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LsaClose
LsaAddAccountRights
LsaFreeMemory
LsaQueryInformationPolicy
ConvertSidToStringSidW
LookupAccountSidW
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW

psapi

GetModuleFileNameExW

userenv

DeleteProfileW

kernel32

FindNextFileW
FindFirstFileA
FindNextFileA
GetShortPathNameW
GetFileInformationByHandle
CopyFileA
MoveFileA
CreateHardLinkA
GetFullPathNameW
SetCurrentDirectoryA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedExchange
GetVersionExW
GetFileAttributesA
GetFileAttributesW
FlushInstructionCache
GetCurrentProcess
CreateMutexW
CloseHandle
OpenMutexW
SetFileAttributesA
SetFileAttributesW
CreateFileW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
CreateDirectoryA
GetLastError
CreateDirectoryW
GetCurrentThreadId
FreeLibrary
FormatMessageA
GetLocalTime
lstrlenW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FormatMessageW
GetProcAddress
LoadLibraryA
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
DeleteFileA
GetModuleFileNameW
SetLastError
CompareStringW
MulDiv
MoveFileW
DeleteFileW
SetCurrentDirectoryW
GetTempPathW
LocalFree
GetDiskFreeSpaceExW
LoadLibraryW
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileW
SetErrorMode
Sleep
RemoveDirectoryW
WaitForSingleObject
CreateProcessW
GetExitCodeProcess
GetComputerNameW
WritePrivateProfileStringW
RemoveDirectoryA
GetFullPathNameA
CopyFileW
CreateThread
LocalAlloc
SystemTimeToFileTime
SetEvent
ResetEvent
CreateEventW
WideCharToMultiByte
GetExitCodeThread
GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentDirectoryA
GetFileAttributesExA
GetCurrentDirectoryW
GetFileAttributesExW
SetEnvironmentVariableA
SetEndOfFile
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
SetConsoleCtrlHandler
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
GetStringTypeA
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
SetHandleCount
GetFileType
HeapReAlloc
FatalAppExitA
HeapDestroy
HeapCreate
GetDiskFreeSpaceExA
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
CompareStringA
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStartupInfoW
GetSystemTimeAsFileTime
GetCPInfo
SetFilePointer
GetConsoleMode
GetConsoleCP
WriteFile
ReadFile
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
LCMapStringA
GetStringTypeExW
GetStringTypeExA
GetUserDefaultLCID
GetLocaleInfoA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
MoveFileWithProgressW
CreateHardLinkW
GetModuleHandleW
GetSystemDirectoryW

user32

InvalidateRect
LoadStringA
UnregisterClassA
SendMessageW
SetWindowLongW
ShowWindow
LoadIconW
DispatchMessageW
KillTimer
SetTimer
CreateDialogParamW
MessageBoxA
GetActiveWindow
RegisterClassExW
LoadBitmapW
ExitWindowsEx
GetClassInfoExW
RegisterWindowMessageW
PostQuitMessage
EndDialog
MessageBeep
GetWindow
SystemParametersInfoW
MapWindowPoints
RedrawWindow
IsWindowVisible
GetWindowRect
MoveWindow
GetClassNameW
LoadCursorW
GetSysColor
GetFocus
OffsetRect
GetCapture
ReleaseCapture
ReleaseDC
GetDC
EndPaint
BeginPaint
GetCursorPos
SetCursor
DrawFocusRect
FillRect
DrawTextW
PtInRect
SetWindowPos
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
IsWindow
UpdateWindow
ScreenToClient
GetClientRect
GetWindowTextLengthW
CreateWindowExW
DialogBoxParamW
SetRectEmpty
EnableWindow
GetWindowTextW
MessageBoxW
SetDlgItemTextW
GetDlgItemTextW
LoadStringW
GetDlgItem
GetParent
SetWindowTextW
PostMessageW
CallWindowProcW
GetWindowLongW
DestroyWindow
DefWindowProcW
CharNextW
PeekMessageW
GetMessageW
TranslateMessage

gdi32

CreateFontIndirectW
GetStockObject
DeleteObject
DeleteDC
CreateFontW
GetObjectW
SetTextColor
SetBkMode
SelectObject

shell32

SHFileOperationW
SHGetMalloc
SHCreateDirectoryExA
SHGetFolderLocation
SHCreateDirectoryExW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoCreateInstance
OleRun

oleaut32

SetErrorInfo
GetErrorInfo
UnRegisterTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
VariantInit
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
SysFreeString
CreateErrorInfo
VariantChangeType
RegisterTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime

shlwapi

PathRemoveFileSpecA
PathFindExtensionW
PathFileExistsA
PathSearchAndQualifyA
PathFindFileNameW
PathFileExistsW
PathSearchAndQualifyW
PathRemoveFileSpecW
SHDeleteKeyW

comctl32

_TrackMouseEvent
ImageList_Add
CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_Create

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bc8ac1e9ca7b93131ea14c77e85caf5

Headers

DLL Characteristics

File Characteristics

Imports

secur32

netapi32

version

ws2_32

advapi32

psapi

userenv

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 197KB - Virtual size: 196KB

.data Size: 42KB - Virtual size: 4.1MB

.rsrc Size: 226KB - Virtual size: 226KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 197KB - Virtual size: 196KB

.data
Size: 42KB - Virtual size: 4.1MB

.rsrc
Size: 226KB - Virtual size: 226KB