014293a3c80f84d7538ae9bfa4c583d9

Sharing

Copy URL Twitter E-mail

General

Target

014293a3c80f84d7538ae9bfa4c583d9
Size

553KB
MD5

014293a3c80f84d7538ae9bfa4c583d9
SHA1

2b9e5fe55311efc8f530daddb1a5a086c496cba9
SHA256

bd5296fbe0636bc66bcbbc537bf3459e963bd80414647a5e652cc2092c71e9a0
SHA512

15c1d4ed9412f9046dd4142435fa11e8fb21c6550ae1e68ebcec188300150ae863b2c272edd87c104d094c73e71479666c4e5f9dbfda69b82d65ec9ee630cbc0
SSDEEP

12288:hUOWTiyU8++LvNAgmBm480yi9BEuNQ9zTmAQFV/Lsuiw/bVbfNP/:hvWTzU8++cBm4GJ3dQFV/yq5bFP/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
014293a3c80f84d7538ae9bfa4c583d9

Files

014293a3c80f84d7538ae9bfa4c583d9
.exe windows:4 windows x86 arch:x86

62e9171a4071aa82bd3d66c40dec2774

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

advapi32

RegSetValueExW
RegConnectRegistryW
RegConnectRegistryA
RegRestoreKeyA
RegDeleteValueA
CreateServiceA
RegQueryValueW
LogonUserA
CryptDecrypt
CryptHashData
RegEnumKeyExA
ReportEventW
RegNotifyChangeKeyValue
DuplicateTokenEx
RegOpenKeyExA
RegOpenKeyExW
CryptSetProviderExW
LookupPrivilegeValueA
StartServiceW
CryptVerifySignatureW
RevertToSelf
CryptEnumProvidersA
CryptGetDefaultProviderW

kernel32

ExitProcess
GetTimeFormatA
GetFileType
LockResource
IsValidLocale
EnterCriticalSection
GetStringTypeW
GetModuleHandleW
RtlUnwind
CompareStringA
TlsGetValue
LCMapStringA
GetConsoleCP
TlsSetValue
CloseHandle
LCMapStringW
CompareStringW
WriteFile
GetTickCount
Sleep
InitializeCriticalSectionAndSpinCount
WriteConsoleA
SetStdHandle
QueryPerformanceCounter
HeapAlloc
FreeEnvironmentStringsA
SetLastError
SetUnhandledExceptionFilter
WideCharToMultiByte
VirtualFree
GetCPInfo
GetLastError
IsDebuggerPresent
GetStartupInfoA
GetFileAttributesExA
LocalLock
GetOEMCP
GetProcAddress
CreateFileA
GetStringTypeA
TlsFree
GetModuleFileNameA
SetConsoleCtrlHandler
InterlockedExchange
GetCurrentThreadId
ReadFile
DeleteCriticalSection
GetConsoleOutputCP
IsValidCodePage
OpenSemaphoreA
SleepEx
GetModuleHandleA
GetStdHandle
UnhandledExceptionFilter
HeapDestroy
VirtualQuery
HeapCreate
GetLongPathNameA
WriteConsoleW
GetConsoleMode
GetCommandLineA
SetEnvironmentVariableA
GetCurrentThread
GetFileTime
GetLogicalDrives
SetConsoleScreenBufferSize
FlushFileBuffers
LoadResource
FreeEnvironmentStringsW
HeapFree
CreateMutexA
CreateRemoteThread
FreeLibrary
HeapReAlloc
GetDateFormatA
GetUserDefaultLCID
GetFileSize
InterlockedDecrement
TlsAlloc
TerminateProcess
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
LoadLibraryA
InterlockedIncrement
OpenMutexA
GetACP
GetLocaleInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
HeapSize
SystemTimeToFileTime
GlobalAddAtomA
EnumSystemLocalesA
SetFilePointer
VirtualAlloc
GetCurrentProcess
MultiByteToWideChar
GetEnvironmentStrings
LeaveCriticalSection
lstrcatA
GetCalendarInfoA

user32

LoadCursorFromFileA
DdeSetUserHandle
LoadMenuIndirectA
GetProcessWindowStation
RegisterClassA
MessageBoxIndirectW
RegisterClassExA
wsprintfA

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62e9171a4071aa82bd3d66c40dec2774

Headers

File Characteristics

Imports

comctl32

advapi32

kernel32

user32

Sections

.text Size: 214KB - Virtual size: 213KB

.rdata Size: 10KB - Virtual size: 32KB

.data Size: 316KB - Virtual size: 315KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 214KB - Virtual size: 213KB

.rdata
Size: 10KB - Virtual size: 32KB

.data
Size: 316KB - Virtual size: 315KB

.rsrc
Size: 12KB - Virtual size: 11KB