14dc9bb4be3b6097641c265de4683646

Sharing

Copy URL Twitter E-mail

General

Target

14dc9bb4be3b6097641c265de4683646
Size

433KB
MD5

14dc9bb4be3b6097641c265de4683646
SHA1

c395d54a596df5e8abf38ef5dc210d004693aceb
SHA256

ce3aef921a972a3e573b788e99971abb571895809c4e06e4bbe7d278506ca7c5
SHA512

57cd5e2e7ea905ca5ef1b3d11728a457971ceefacf901db4547842b3647066f25408bcb47ff7b8767be13ade72c4db51b1bbd64150c52a285c3dbfbeceb30dd0
SSDEEP

12288:L/SlM25WCtEC+/YMY7Kv9Kd33IHLRPYxeg:WlMSWCtbf7O9KdHkdwx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14dc9bb4be3b6097641c265de4683646

Files

14dc9bb4be3b6097641c265de4683646
.exe windows:4 windows x86 arch:x86

72874f446283065c14a51c9d92683bc9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

RsopSetPolicySettingStatus

ole32

CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance

dnsapi

DnsReplaceRecordSetW

ntdll

RtlUnicodeStringToAnsiString
NtAllocateVirtualMemory
strlen
RtlUnicodeToMultiByteSize
RtlInitUnicodeStringEx
memmove
wcslen
RtlAnsiStringToUnicodeString
_chkstk
RtlUnwind
_wcsicmp
NtQueryVirtualMemory

kernel32

GlobalLock
TlsGetValue
GetModuleHandleA
SetEvent
lstrcmpiW
LoadLibraryW
SetCurrentDirectoryW
EnterCriticalSection
TlsSetValue
LoadResource
GetTempFileNameW
SetErrorMode
LocalFree
GetProcAddress
lstrcpynW
GetModuleFileNameW
GetLastError
FindResourceA
MulDiv
InterlockedDecrement
FindNextFileW
DeleteCriticalSection
lstrcpyW
TlsFree
GetProfileStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetModuleHandleW
WideCharToMultiByte
FormatMessageW
LocalReAlloc
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
GetVersionExA
LoadLibraryA
QueryPerformanceCounter
FindFirstFileW
FindClose
SetUnhandledExceptionFilter
lstrcmpW
GetTickCount
GetFullPathNameW
FindResourceW
GetCurrentDirectoryW
FreeLibrary
CloseHandle
LockResource
GetProcessVersion
GetCurrentProcessId
LeaveCriticalSection
DelayLoadFailureHook
MultiByteToWideChar
TerminateProcess
InitializeCriticalSectionAndSpinCount
DeleteFileW
SizeofResource
GetVolumeInformationW
SetLastError
CreateFileW
WaitForSingleObject
LocalAlloc
GetDriveTypeW
GlobalFree
GlobalReAlloc
GetACP
GetShortPathNameW
FreeResource
GlobalUnlock
ResetEvent
FindResourceExW
CreateThread
UnhandledExceptionFilter
TlsAlloc
InterlockedCompareExchange
GetFileAttributesW
CreateEventW
LocalSize
GetCurrentProcess
InterlockedExchange
lstrlenW
InterlockedIncrement
lstrlenA
GetSystemTimeAsFileTime
lstrcpyA
GetUserDefaultLCID
GetCurrentThreadId
FreeLibraryAndExitThread
GlobalAlloc

mswsock

AcceptEx
GetAcceptExSockaddrs

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 122KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72874f446283065c14a51c9d92683bc9

Headers

File Characteristics

Imports

userenv

ole32

dnsapi

ntdll

kernel32

mswsock

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 122KB - Virtual size: 920KB

.rdata Size: 240KB - Virtual size: 240KB

.rsrc Size: 56KB - Virtual size: 56KB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 122KB - Virtual size: 920KB

.rdata
Size: 240KB - Virtual size: 240KB

.rsrc
Size: 56KB - Virtual size: 56KB