Static task
static1
Behavioral task
behavioral1
Sample
14cf95c5f5f6d40a4b940c246647d9cd.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
14cf95c5f5f6d40a4b940c246647d9cd.exe
Resource
win10v2004-20231215-en
General
Target: 14cf95c5f5f6d40a4b940c246647d9cd
Size: 388KB
MD5: 14cf95c5f5f6d40a4b940c246647d9cd
SHA1: 906aee3e32a56ae538bf54886fbe9c8f61c67d12
SHA256: 519db9789638e6619cd15b5f3e3deb740010cc1bc9bdf6fda51299b5cdc2c1fb
SHA512: 1b56fa89cccac27eb024bb0cfbae1291b3d701016c35fee294a4c18a85c541a56c91c7fe55b69428cfb0ffb014cec71f0998949001f8ceb654f8b9c2cca736b9
SSDEEP: 12288:x17tXF96gaewdiBaI0c7BhmwJCpkBp+TqP8ydQ:961ePxtfDdQ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 14cf95c5f5f6d40a4b940c246647d9cd
Files
-
14cf95c5f5f6d40a4b940c246647d9cd.exe windows:4 windows x86 arch:x86
07b10a058831f9a9411ee0f958dcfb17
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
gdi32
comdlg32
advapi32
wininet
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 268KB - Virtual size: 267KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ