14eae5640e05d81885f1fbb936f0c96a

Sharing

Copy URL Twitter E-mail

General

Target

14eae5640e05d81885f1fbb936f0c96a
Size

60KB
MD5

14eae5640e05d81885f1fbb936f0c96a
SHA1

c8348578ebdbb128c86a29409fa4fc8232dd5fbd
SHA256

73b8e71bff62844d9faca3e82325b2a9a58c9b9c4a41792ebcf8cc6c8a8b5afa
SHA512

a242d41f664edbf16fdbed1ff9eb5673572155ce988268f6c06e7e49dfe865af315beac75afa40a9ee29d507e1a485d8ff08839ae22e3310b55027a8773a066d
SSDEEP

1536:hAwWaapZCXEqf4pHgXv/oOuck7omOV9up55QHsgAD6:hAwGZe4p4UdOG5ETAD6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14eae5640e05d81885f1fbb936f0c96a

Files

14eae5640e05d81885f1fbb936f0c96a
.exe windows:4 windows x86 arch:x86

d7c3d53b32b753b330120c464525e937

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
VirtualQuery
VirtualProtect
GetFileSize
SetFilePointer
WriteFile
GetWindowsDirectoryA
DeleteFileA
ExitThread
Process32Next
Module32First
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
TerminateProcess
OpenProcess
RemoveDirectoryA
CreateDirectoryA
ReleaseSemaphore
GetLogicalDriveStringsA
FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA
GetLastError
LoadLibraryA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
CreateMutexA
GetLocaleInfoA
GetTickCount
GetCurrentProcessId
IsBadReadPtr
GetVersionExA
GetStartupInfoA
Sleep
CopyFileA
CreateSemaphoreA
CreateThread
WaitForSingleObject
LocalFree
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
CreateFileA
GetFileInformationByHandle
GetProcessHeap
FreeLibrary
CreateProcessA
HeapAlloc
ReadFile
HeapFree
TerminateThread
CloseHandle

user32

GetDC
GetActiveWindow
GetWindowTextA
IsWindowVisible
SetCursorPos
SendMessageA
BringWindowToTop
ShowWindow
MessageBoxA
mouse_event
EnumWindows

gdi32

GetDeviceCaps

advapi32

GetUserNameA
SetEntriesInAclA
SetSecurityInfo
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
RegOpenKeyA
RegDeleteKeyA
GetSecurityInfo

shell32

ShellExecuteA
FindExecutableA

urlmon

URLDownloadToFileA

ws2_32

getsockname
inet_addr
gethostbyaddr
WSACleanup
closesocket
shutdown
recv
gethostbyname
connect
send
__WSAFDIsSet
WSAStartup
socket
accept
listen
select
bind
htons

msvcrt

strstr
??3@YAXPAX@Z
_stricmp
??2@YAPAXI@Z
free
malloc
strcpy
strtok
_strcmpi
sprintf
exit
strlen
memset
strcmp
strncpy
atoi
strcat
memcpy

avicap32

capGetDriverDescriptionA

wininet

InternetOpenA
FtpPutFileA
InternetCloseHandle
InternetConnectA
InternetCheckConnectionA

Sections

.data
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d7c3d53b32b753b330120c464525e937

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

urlmon

ws2_32

msvcrt

avicap32

wininet

Sections

.data Size: 60KB - Virtual size: 59KB

.data
Size: 60KB - Virtual size: 59KB