14e79d01729c2dde04bf0e5638ec9bd1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14e79d01729c2dde04bf0e5638ec9bd1
Size

100KB
MD5

14e79d01729c2dde04bf0e5638ec9bd1
SHA1

167106792c56d9a397396beb8299ba2cfec3cae7
SHA256

93aef35aa11b651f5636f9455199a8a2ea04a7e938169567afa1dbbf79616b45
SHA512

f425bbd05420971da387a1fecdb4a5edc50e561828771a30b59d2a012fb5abbc6bc5dbbc565f9350cf2282a5ff72def039f6bcab12f5611b0b66dc363d90215e
SSDEEP

1536:rvxSM9YWyR3B21ysbOiLrH72BHX/Vo4eOsJBVGiDUKsWjkf/X/m/T/:rv5DuxlsbLbEi4a7DC6e2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14e79d01729c2dde04bf0e5638ec9bd1

Files

14e79d01729c2dde04bf0e5638ec9bd1
.exe windows:4 windows x86 arch:x86

d7cdcad515c702328f4e9b583ace4dd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalUnlock
GlobalFree
BindIoCompletionCallback
GetFullPathNameA
RtlMoveMemory
SetConsoleTextAttribute
SetConsoleCursorMode
QueryPerformanceCounter
ReleaseSemaphore
EnterCriticalSection
SetProcessShutdownParameters
GetSystemDefaultUILanguage
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

strspn
NtDeleteKey
ZwReadVirtualMemory
ZwOpenDirectoryObject
ZwMakeTemporaryObject
NtSetHighEventPair
NtDuplicateObject
RtlDeleteTimer
RtlQueryProcessDebugInformation
wcscpy
RtlAddAttributeActionToRXact
NtQueryDirectoryFile
NtSetInformationKey
islower

Exports

Exports

Cjvbpirdgp
Xnfmpdmtsth

Sections

.d41
Size: 4KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ