14a525964ac64fdb0cb885d81204c918

Sharing

Copy URL Twitter E-mail

General

Target

14a525964ac64fdb0cb885d81204c918
Size

37KB
MD5

14a525964ac64fdb0cb885d81204c918
SHA1

83cb84e5025f619b78c61f95549a8f36823cdfcf
SHA256

abf652f7cf72d9f9225c6fa3c2c7e8480a2abf9d76b435d52114d24d40ffc2b7
SHA512

4fa5e4995874532a0296513b25e3bd4e0fdd1b95d919d7806810be7ab102d4838492f474c1e8fad3c26edd2d1770023747e6ec56d648e7417d4386cd9d05f93b
SSDEEP

384:lo+u644tsQTqE8ApYk8Uj6ipooR0J44uWG5DF1uDcg3GBMw0l4aXHV+WlRuk7NbH:fu6cE8Ur6ipo2OuHDF1Ccgv/3x9lH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14a525964ac64fdb0cb885d81204c918

Files

14a525964ac64fdb0cb885d81204c918
.exe windows:4 windows x86 arch:x86

da44c3cf294d818e8b55e30282235ae9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_SYSTEM

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA

kernel32

AddAtomA
CloseHandle
CopyFileA
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetSystemTime
GetTickCount
GetWindowsDirectoryA
SetUnhandledExceptionFilter
Sleep
WriteFile

mpr

WNetAddConnection2A
WNetCancelConnectionA

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
fflush
fprintf
free
malloc
memset
rand
signal
sprintf
srand
strcat
strlen

shell32

ShellExecuteA

user32

MessageBoxA

ws2_32

WSAStartup
accept
bind
closesocket
gethostbyname
htonl
htons
listen
recv
select
send
socket

Exports

Exports

AutoStart
BackDoor@4
L0cal@4
NetSpread
Payload
WinMain@16
extra@4

Sections

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ctors
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da44c3cf294d818e8b55e30282235ae9

Headers

File Characteristics

Imports

advapi32

kernel32

mpr

msvcrt

shell32

user32

ws2_32

Exports

Exports

Sections

.data Size: 1KB - Virtual size: 1KB

.ctors Size: 512B - Virtual size: 4B

.rdata Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 176B

.edata Size: 512B - Virtual size: 188B

.idata Size: 2KB - Virtual size: 1KB

.text Size: 6KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 1024B

.data
Size: 1KB - Virtual size: 1KB

.ctors
Size: 512B - Virtual size: 4B

.rdata
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 176B

.edata
Size: 512B - Virtual size: 188B

.idata
Size: 2KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 1024B