14a2ea98b287e3207f1bbec99c569955

Sharing

Copy URL Twitter E-mail

General

Target

14a2ea98b287e3207f1bbec99c569955
Size

40KB
MD5

14a2ea98b287e3207f1bbec99c569955
SHA1

15e80e8aff3335bb64b3787637812e39eacb9a71
SHA256

5a9115be65e6a216cd5e5a5f473b2f103e7785c9ccbe0a67607827e00d4057b3
SHA512

d996b9b506d644c3637038b9a2ab8b173bad10b4dd5a3469bc8874bc0d6430f21398f5cadd49aa5432f3d9779ae49a19d8da5ef9262f5c6ca7c8865caaf404a9
SSDEEP

768:/ftGmC+qUFpDONauKps1NHi2Unk52VAdCjU+JmF9DpWEiORNKtoNLlwlf2PLDah/:3tGPZe8Na/ps1NHi2UnG2+d3FJoEAtqw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14a2ea98b287e3207f1bbec99c569955

Files

14a2ea98b287e3207f1bbec99c569955
.exe windows:5 windows x86 arch:x86

3e1079668c8629c9677f8b224d18c322

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
GetCommandLineA
GetConsoleProcessList
GetCPInfo
ExpungeConsoleCommandHistoryW
GetTickCount
SetConsoleMenuClose
CreateFileA
OutputDebugStringA
MulDiv
GetSystemTime
GetCurrentProcessId
DeleteVolumeMountPointW
EnumTimeFormatsW
CreateTapePartition
SetConsoleTitleW
RtlMoveMemory
SetConsoleOS2OemFormat
VirtualLock
LCMapStringW
VirtualAlloc
UTRegister
GlobalFlags
MapViewOfFile
SetLocalTime
GetLocaleInfoW
lstrcat
DuplicateConsoleHandle
LockFile
MapViewOfFileEx
lstrcmpiA
_lcreat
CreateDirectoryExW
GetCommState
EnumTimeFormatsA
ProcessIdToSessionId
FoldStringW
LoadLibraryA
GetVolumeInformationA
GlobalUnWire
ClearCommBreak
UpdateResourceW
LZCopy
CallNamedPipeW
FindFirstVolumeMountPointA
Heap32ListFirst

mswsock

s_perror
WSARecvEx
StopWsdpService
NSPStartup
GetAddressByNameW
AcceptEx
GetAddressByNameA
TransmitFile
GetServiceA
GetServiceW
GetNameByTypeW
GetAcceptExSockaddrs
EnumProtocolsA
GetTypeByNameW
SetServiceA
SetServiceW
WSPStartup
StartWsdpService
NPLoadNameSpaces
GetNameByTypeA
GetTypeByNameA
EnumProtocolsW
MigrateWinsockConfiguration
dn_expand

ifsutil

?DiskCopyMainLoop@@YGHPBVWSTRING@@000EPAVMESSAGE@@1@Z
?QueryNtfsSupportInfo@DP_DRIVE@@SGJPAXPAE@Z
?PushEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?QueryCompressedInteger@BIG_INT@@QBEXPAE0@Z
?DoesIntersectSet@NUMBER_SET@@QBEEVBIG_INT@@0@Z
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?CloseDriveHandle@DP_DRIVE@@QAEXXZ
?IsFrontEndPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z
?Initialize@MOUNT_POINT_MAP@@QAEEXZ
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?QueryPageSize@IFS_SYSTEM@@SGKXZ
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
?GetCannedSecurityDescriptor@CANNED_SECURITY@@QAEPAXW4_CANNED_SECURITY_TYPE@@PAK@Z
?WriteToFile@IFS_SYSTEM@@SGEPBVWSTRING@@PAXKE@Z
?GetFirst@TLINK@@QAEPAXXZ
?Initialize@TLINK@@QAEEG@Z
?RemoveAll@SPARSE_SET@@QAEEXZ
?Write@SECRUN@@UAEEXZ
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?Remove@NUMBER_SET@@QAEEVBIG_INT@@@Z
?ForceAutochk@VOL_LIODPDRV@@QAEEEKKGPBVWSTRING@@@Z
??1CANNED_SECURITY@@UAE@XZ
?QueryParentsWithChildren@DIGRAPH@@QBEEPAVNUMBER_SET@@K@Z
?GetNextDataSlot@TLINK@@QAEAAVBIG_INT@@XZ
??0SPARSE_SET@@QAE@XZ

ntdll

ZwSetBootEntryOrder
NtPrivilegedServiceAuditAlarm
NtReleaseMutant
ZwCompareTokens
RtlInt64ToUnicodeString
_CIlog
RtlTimeToElapsedTimeFields
RtlSetUserValueHeap
ZwDelayExecution
NtQuerySymbolicLinkObject
RtlQueryHeapInformation
ZwFlushWriteBuffer
wcsncat
RtlDosSearchPath_U
ZwQueryMultipleValueKey
ZwCancelIoFile
LdrGetDllHandle
RtlUnicodeToCustomCPN
iswspace
LdrLoadAlternateResourceModule
_splitpath
NtQueryDefaultLocale
RtlConvertLongToLargeInteger
ZwResumeThread
ZwSetEventBoostPriority
ZwReplaceKey
__toascii
LdrUnloadDll
ZwTerminateThread
RtlDeleteSecurityObject
RtlSubAuthorityCountSid
RtlCreateUserProcess
RtlWalkHeap
NtQueryBootEntryOrder
floor
RtlDnsHostNameToComputerName
RtlIpv6AddressToStringA
ZwSetBootOptions
RtlEnterCriticalSection
RtlGetSaclSecurityDescriptor
ZwReleaseMutant
_aullrem
RtlUlongByteSwap
_snprintf

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e1079668c8629c9677f8b224d18c322

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mswsock

ifsutil

ntdll

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 2KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB