14cb0c210bc0acc7a2a39d232272bbab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14cb0c210bc0acc7a2a39d232272bbab
Size

67KB
MD5

14cb0c210bc0acc7a2a39d232272bbab
SHA1

bdddf94703c7be584df06eb036a754e5b2fac130
SHA256

c61f3237a8d8db8511bcad9f57c27f9e3b7ab30ce794c0c287618d4f5e537c73
SHA512

76d9c72e0dad890f105c18fe35f6c6fcc826a67d7f69f7d49eeb37947e7fc0cf37257542c1d48cf8700f4f2d8ce40b142ba401740c7276368a670bc3242b3f7e
SSDEEP

1536:aBojF1jewY6FSr6pjATPZl5+Yl+jhepW1lhi:aBojF1j+r6pjAdy4S1ji

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14cb0c210bc0acc7a2a39d232272bbab

Files

14cb0c210bc0acc7a2a39d232272bbab
.exe windows:5 windows x86 arch:x86

e490824e6af345d1f47c2e5630ee1a3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
LoadLibraryA
GetProcAddress
IsBadReadPtr
lstrcmpiA
VirtualProtect
CreateThread
GetModuleHandleA

user32

DefWindowProcA
SendMessageA
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA

Exports

Exports

func1
func2
start

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 691B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 601B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ