14c2091e6a4a511c6dcc077d8e1ab098

Sharing

Copy URL Twitter E-mail

General

Target

14c2091e6a4a511c6dcc077d8e1ab098
Size

395KB
MD5

14c2091e6a4a511c6dcc077d8e1ab098
SHA1

1efc547e5aedb31329ce6e2e161bad2279d03a76
SHA256

3419750062dc8115e01838d1213f8ef182fb80e69cfdb361401be99b46288392
SHA512

e3f7c2c030fad66729a21454bdf538996c73afbeccaaef739faed4d171e8bd78d6995b3df535b35a07ab78d5f987b7f0ccbfb0b6d45da6a555d6ca0e1b2a4728
SSDEEP

6144:MGhEOfLBVFJaqxI7utkkM8Qz6IRCpGO7Q3VbzEfzdjORi/l:MQF8LKh5ECp6twBj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14c2091e6a4a511c6dcc077d8e1ab098

Files

14c2091e6a4a511c6dcc077d8e1ab098
.exe windows:4 windows x86 arch:x86

1065419b55278bf93c0daeedfa41f271

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
ConvertDefaultLocale
GetCommandLineW
GetPrivateProfileSectionW
FreeLibrary
FreeEnvironmentStringsA
GetTempFileNameW
EnumDateFormatsExA
CreateSemaphoreW
GetExitCodeThread
CreateDirectoryExW
Module32Next
MulDiv
CreateSemaphoreA
TlsGetValue
InterlockedIncrement
FindResourceW
Heap32ListFirst
GetStdHandle
GetSystemInfo
GetDateFormatA
GetWriteWatch
EnumResourceNamesW
ReadFileScatter
CreateTapePartition
RemoveDirectoryA
SetVolumeLabelA
SetLocalTime
GetProfileSectionW
UpdateResourceA
Process32Next
LoadLibraryW
WideCharToMultiByte
ResetEvent
lstrcpynA
GetSystemTimeAdjustment
WaitForDebugEvent
UpdateResourceW
EnterCriticalSection
GetCurrentDirectoryW
EnumCalendarInfoExW
EnumTimeFormatsA
SetEnvironmentVariableW
WriteConsoleOutputA
Module32First
ReadConsoleOutputCharacterW
SetCurrentDirectoryW
CreateMutexW
GetVersionExA
SetTimeZoneInformation
GetModuleFileNameW
GetNumberFormatW
FillConsoleOutputAttribute
SetSystemTime
GetSystemDefaultLCID
LockResource
VirtualProtectEx
CommConfigDialogA
GetShortPathNameA
RtlMoveMemory
GetFileSize
GlobalGetAtomNameW
GlobalReAlloc
GetStringTypeExA
SearchPathW
LocalCompact
SetThreadPriorityBoost
FileTimeToLocalFileTime
WaitNamedPipeA
GlobalLock
OpenEventA
GlobalSize
SetConsoleTextAttribute
EnumSystemCodePagesW
PulseEvent
WritePrivateProfileStringW
DeleteFileW
ReleaseMutex
lstrcpyA
ContinueDebugEvent
FlushFileBuffers
IsValidCodePage
GetLogicalDrives
FindFirstChangeNotificationW
GetStringTypeA
GetWindowsDirectoryA
SetHandleCount
CompareFileTime
GetCurrencyFormatW
OpenFileMappingA
GetQueuedCompletionStatus
GetThreadContext
IsValidLocale
LocalHandle
SetConsoleOutputCP
HeapDestroy
GlobalHandle
GetVolumeInformationW
EnumDateFormatsExW
GetPrivateProfileStructA
TransmitCommChar
GetVersion
SetConsoleTitleW
EraseTape
LoadLibraryExW
LocalFlags
FindFirstChangeNotificationA
ReadConsoleInputA
WriteConsoleInputW
lstrlen
TlsSetValue
GetFileTime
SetConsoleWindowInfo
GetConsoleTitleA
SetLocaleInfoW
LocalReAlloc
FlushConsoleInputBuffer
CreateFileW
SetThreadLocale
CreateFileMappingW
CreateMailslotA
BeginUpdateResourceW
GlobalFindAtomA
GetStringTypeExW
Thread32First
GetPrivateProfileIntA
HeapValidate
GetPrivateProfileSectionNamesW
FindResourceExW
GetNumberOfConsoleInputEvents
GetProcessAffinityMask
lstrlenW
SetFileAttributesW
FindNextFileW
AddAtomW
GetNamedPipeHandleStateA
GetEnvironmentStringsW
GetLogicalDriveStringsA
DisconnectNamedPipe
CreateToolhelp32Snapshot
EnumDateFormatsA
Heap32First
lstrcmpW
GlobalFix
LoadResource
GetConsoleScreenBufferInfo
EnumDateFormatsW
GetFullPathNameW
LocalFileTimeToFileTime
GetThreadLocale
GetConsoleTitleW
SetConsoleCP
GetPrivateProfileIntW
GetTempPathW
GetFileAttributesW
HeapUnlock
GetPrivateProfileSectionNamesA
CopyFileA
CloseHandle
GetSystemDirectoryW
GlobalUnWire
SetThreadPriority
GetPriorityClass
MapViewOfFileEx
GetSystemDirectoryA
SetConsoleMode
UnhandledExceptionFilter
GlobalUnlock
PeekNamedPipe
GlobalAddAtomW
GetEnvironmentStringsA
GetCurrencyFormatA
GetTimeFormatA
MapViewOfFile
GetProfileStringA
WriteConsoleW
SuspendThread
FindFirstFileExA
GlobalGetAtomNameA
EnumResourceLanguagesA
LoadLibraryExA
ResumeThread
PeekConsoleInputW
lstrcpyW
SetComputerNameA
lstrcmpA
DebugActiveProcess
HeapCompact
WaitNamedPipeW
SetEndOfFile
FoldStringA
WriteConsoleOutputCharacterA
GetProfileStringW
FlushViewOfFile
GetCompressedFileSizeW
InterlockedExchangeAdd
CreateEventA
LocalFree
OpenProcess
WaitForMultipleObjects
FoldStringW
FillConsoleOutputCharacterA
GlobalMemoryStatus
DuplicateHandle
FindNextFileA
GetCalendarInfoA
CreateProcessA
GetWindowsDirectoryW
EnumSystemLocalesW
GetProfileSectionA
SetLastError
GetComputerNameA
ReadConsoleOutputW
GetConsoleMode
ExpandEnvironmentStringsW
GetTempPathA
WriteConsoleOutputAttribute
GetProcAddress
GetThreadTimes
BeginUpdateResourceA
GetHandleInformation
OpenEventW
GetAtomNameW
CreateNamedPipeW
GetSystemDefaultLangID
GetEnvironmentStrings
DosDateTimeToFileTime
lstrcatW
RtlZeroMemory
ReadConsoleOutputAttribute
WaitForSingleObject
WriteFileEx
Heap32ListNext
Heap32Next
LocalShrink
MoveFileA
VirtualAllocEx
FindCloseChangeNotification
SetConsoleActiveScreenBuffer
WriteProfileStringA
lstrcpynW

shell32

SHGetInstanceExplorer

wininet

FreeUrlCacheSpaceW
FindCloseUrlCache
HttpOpenRequestW
UnlockUrlCacheEntryStream
InternetConfirmZoneCrossingA
InternetSetOptionA
FtpDeleteFileA
FtpRemoveDirectoryW
InternetCanonicalizeUrlA
InternetQueryOptionW
FtpGetFileW
FtpCreateDirectoryA
InternetSetOptionW
DeleteUrlCacheGroup
UnlockUrlCacheEntryFileW
FindFirstUrlCacheEntryExW
InternetGetCertByURLA
InternetOpenA
GopherFindFirstFileW
InternetConfirmZoneCrossing
DeleteUrlCacheEntry
GopherGetLocatorTypeA
CreateUrlCacheEntryW
FtpPutFileW
HttpAddRequestHeadersA
SetUrlCacheEntryGroup
InternetSetCookieA
InternetSetOptionExA
FtpSetCurrentDirectoryW
InternetAlgIdToStringW
GopherGetLocatorTypeW
SetUrlCacheEntryGroupA
InternetCloseHandle
DeleteUrlCacheContainerA
GopherCreateLocatorW
FindNextUrlCacheEntryW
InternetSetFilePointer
HttpOpenRequestA
InternetCombineUrlA
FreeUrlCacheSpaceA
InternetGetCookieA
GopherOpenFileW
LoadUrlCacheContent
InternetTimeFromSystemTime
InternetSetDialStateA
GetUrlCacheConfigInfoA
IncrementUrlCacheHeaderData
InternetWriteFile
InternetConnectA
InternetGoOnlineA
DeleteIE3Cache
InternetTimeToSystemTimeW
FtpGetCurrentDirectoryW
GetUrlCacheGroupAttributeA
RetrieveUrlCacheEntryFileA
InternetWriteFileExW
HttpQueryInfoW
InternetDialW
ShowCertificate
FindNextUrlCacheContainerW
FtpGetCurrentDirectoryA
DetectAutoProxyUrl
FtpPutFileEx
InternetErrorDlg
InternetFortezzaCommand
SetUrlCacheConfigInfoW
InternetLockRequestFile
FtpGetFileEx
InternetOpenUrlW
DeleteUrlCacheContainerW
IsHostInProxyBypassList
UnlockUrlCacheEntryFile
FindFirstUrlCacheEntryA
InternetOpenW
InternetFindNextFileW
InternetCombineUrlW
UpdateUrlCacheContentPath
FtpFindFirstFileA
IsUrlCacheEntryExpiredW
InternetReadFile
ResumeSuspendedDownload
FtpCommandW
FindFirstUrlCacheContainerA
FtpOpenFileW
ReadUrlCacheEntryStream
InternetQueryDataAvailable
InternetGetConnectedStateExW
InternetSetDialStateW
InternetUnlockRequestFile
GetUrlCacheGroupAttributeW
HttpSendRequestExW
CreateUrlCacheGroup
InternetAutodial
InternetGetLastResponseInfoA
HttpSendRequestW
CreateUrlCacheContainerW
InternetCreateUrlW
InternetGoOnline
InternetAutodialHangup
FindNextUrlCacheGroup
HttpQueryInfoA
InternetTimeToSystemTimeA
UrlZonesDetach
GopherGetAttributeW
SetUrlCacheHeaderData
FindFirstUrlCacheGroup
HttpSendRequestExA
ShowSecurityInfo
GetUrlCacheEntryInfoA
InternetSetDialState
GopherGetAttributeA
InternetShowSecurityInfoByURL
GetUrlCacheHeaderData
InternetAttemptConnect
InternetGetConnectedStateEx
CommitUrlCacheEntryA
GetUrlCacheEntryInfoW
FindNextUrlCacheEntryA
InternetCheckConnectionW
InternetConnectW
FindFirstUrlCacheContainerW
InternetCrackUrlA
SetUrlCacheGroupAttributeW
InternetGetConnectedState
FtpRenameFileW
SetUrlCacheEntryGroupW
FindFirstUrlCacheEntryW
InternetQueryOptionA
DeleteUrlCacheEntryA
InternetGetConnectedStateExA
InternetWriteFileExA
FtpCommandA
GetUrlCacheEntryInfoExW
FtpPutFileA
HttpCheckDavCompliance
FtpDeleteFileW
FindFirstUrlCacheEntryExA
InternetCrackUrlW
InternetCheckConnectionA
IsUrlCacheEntryExpiredA
FtpFindFirstFileW
InternetQueryFortezzaStatus
GetUrlCacheEntryInfoExA
InternetCanonicalizeUrlW
SetUrlCacheConfigInfoA
ShowX509EncodedCertificate
GopherOpenFileA
InternetOpenUrlA
InternetTimeToSystemTime
CreateUrlCacheEntryA
ShowClientAuthCerts
FtpSetCurrentDirectoryA
InternetSetCookieW
InternetReadFileExW
GetUrlCacheConfigInfoW
SetUrlCacheEntryInfoW
InternetSetOptionExW
InternetDial
InternetSecurityProtocolToStringW
InternetInitializeAutoProxyDll
InternetTimeFromSystemTimeW
HttpAddRequestHeadersW
InternetTimeFromSystemTimeA
FtpOpenFileA
FindNextUrlCacheEntryExW
HttpSendRequestA

advapi32

RegSetValueExA
StartServiceA
CryptGetHashParam
CryptAcquireContextA
CryptEnumProviderTypesW

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1065419b55278bf93c0daeedfa41f271

Headers

File Characteristics

Imports

kernel32

shell32

wininet

advapi32

Sections

.text Size: 92KB - Virtual size: 92KB

.data Size: 283KB - Virtual size: 283KB

.reloc Size: 13KB - Virtual size: 12KB

.bss Size: 5KB - Virtual size: 5KB

.text
Size: 92KB - Virtual size: 92KB

.data
Size: 283KB - Virtual size: 283KB

.reloc
Size: 13KB - Virtual size: 12KB

.bss
Size: 5KB - Virtual size: 5KB