14ca4aa820c9ab2d1b4857959ecc9755

Sharing

Copy URL Twitter E-mail

General

Target

14ca4aa820c9ab2d1b4857959ecc9755
Size

434KB
MD5

14ca4aa820c9ab2d1b4857959ecc9755
SHA1

c6792dc5856d2d7ba468316083988b7f8f93af63
SHA256

f037d8684e9e08c49755fa90cd14de0dc3b0079a909489d4bfa8a5f5f42a8a9b
SHA512

dba2c915011b9a5445e698f39baa63afd70c891c0c9675e47d91b0820c61bafe7c7bf7b2cea8f3974e125ed11bdccf6103f5c4eca63c79a0fe215ca8e44f3a8e
SSDEEP

12288:N3wNhAIgIqBsC0PcHZnueYL33FHhdDEF9ro/F:tchlxVCnc3VH7oTSF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14ca4aa820c9ab2d1b4857959ecc9755

Files

14ca4aa820c9ab2d1b4857959ecc9755
.exe windows:4 windows x86 arch:x86

060a5e3043fae0c0077e9a2adfcfbfc6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHInvokePrinterCommandW
FindExecutableA

kernel32

GetCommandLineA
FlushFileBuffers
GetCurrentProcess
GetTickCount
InterlockedDecrement
GetModuleFileNameA
GetModuleHandleA
LocalShrink
WriteFileEx
MoveFileExW
CreateRemoteThread
OpenFileMappingA
OutputDebugStringW
SetConsoleCtrlHandler
FindResourceA
GetCPInfo
InitializeCriticalSection
GetCurrencyFormatW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
TlsAlloc
LockFile
GetOEMCP
HeapFree
GetLastError
WriteFile
HeapValidate
GetStringTypeA
VirtualQuery
FreeEnvironmentStringsA
TerminateProcess
ExitProcess
SetFilePointer
FreeEnvironmentStringsW
GetStringTypeW
SetConsoleTitleA
GetEnvironmentStringsW
CloseHandle
HeapReAlloc
TlsSetValue
LCMapStringW
MultiByteToWideChar
IsBadReadPtr
DeleteCriticalSection
InterlockedExchange
GetVolumeInformationW
CreateFileMappingW
SetConsoleWindowInfo
TlsGetValue
HeapCreate
LoadLibraryA
SetHandleCount
SetConsoleCP
SetLastError
SetPriorityClass
GlobalHandle
GetACP
QueryPerformanceCounter
OutputDebugStringA
LeaveCriticalSection
DebugBreak
CreateMutexA
GetFileType
InterlockedIncrement
EnterCriticalSection
GetCurrentThread
GetCurrentProcessId
WideCharToMultiByte
GetProcAddress
FindNextChangeNotification
TlsFree
LCMapStringA
FlushConsoleInputBuffer
VirtualAlloc
RtlUnwind
HeapAlloc
GetEnvironmentStrings
GetCurrentThreadId
SetStdHandle
GetStdHandle
GlobalFindAtomW
GetStartupInfoA
VirtualFree
GlobalDeleteAtom
IsBadWritePtr
GetVersion
HeapDestroy

advapi32

CryptAcquireContextA
RegCreateKeyA
AbortSystemShutdownA
CryptSetProviderA
RegReplaceKeyA
RegLoadKeyW
RegEnumValueA
CryptCreateHash
RegEnumKeyExA
RegRestoreKeyW
CryptSetProviderExW
RegSetValueA
RegQueryInfoKeyA
CryptGetHashParam
RegLoadKeyA
CryptExportKey
RegCreateKeyExW
RegSaveKeyW
RegConnectRegistryA
CryptEnumProviderTypesA
CryptGetDefaultProviderA
CryptGenKey

gdi32

CreateFontA
SetPolyFillMode
FloodFill
SetWorldTransform
SetICMProfileA
GetClipBox
GetNearestPaletteIndex
PolylineTo
RoundRect
SetICMProfileW
SetDIBits
DeviceCapabilitiesExA
GetViewportExtEx
CloseFigure
CreateEnhMetaFileW

comdlg32

GetOpenFileNameW
ReplaceTextA
ChooseColorW

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

060a5e3043fae0c0077e9a2adfcfbfc6

Headers

File Characteristics

Imports

shell32

kernel32

advapi32

gdi32

comdlg32

Sections

.text Size: 139KB - Virtual size: 138KB

.rdata Size: 7KB - Virtual size: 12KB

.data Size: 282KB - Virtual size: 281KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 139KB - Virtual size: 138KB

.rdata
Size: 7KB - Virtual size: 12KB

.data
Size: 282KB - Virtual size: 281KB

.rsrc
Size: 5KB - Virtual size: 5KB