14e8bd6cef9bcb8e84e786ecc04086ae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14e8bd6cef9bcb8e84e786ecc04086ae
Size

47KB
MD5

14e8bd6cef9bcb8e84e786ecc04086ae
SHA1

b4fa5087168797085933a858247c9cc339d092d7
SHA256

b2a9f979c01fb0649918bd8fd929ed14eda436d41a70732f2d1e216ced6d1a51
SHA512

0a5271f698e71c3d77b7d27daa69040b7512ac6e372bf5c9e799501b9d0b0b00ee76783d8206b2a46d38fbdc7575772ed80275037944a858e589e455b91e188b
SSDEEP

768:VbyRA8xiwuIPvfRFqbqZjVo7dbX2FBOVMFfDz+XQgr9TsebrQ/4fd2:Vm+8vuIJjV1OEEQgBTsebrQ/4F2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14e8bd6cef9bcb8e84e786ecc04086ae

Files

14e8bd6cef9bcb8e84e786ecc04086ae
.exe windows:4 windows x86 arch:x86

957c8fe682a46518b617a4d3798a7aa6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ReleaseDC
SetTimer
PeekMessageA
GetKeyState
MapWindowPoints
RegisterClassA
DrawFrameControl
GetSystemMetrics

kernel32

HeapReAlloc
VirtualAlloc
GetOEMCP
GetProcessHeap
FindFirstFileA
GetVersion
GetSystemTimeAsFileTime
TlsAlloc
GetCurrentThread
CreateProcessA
GetLastError
InterlockedExchange
IsDebuggerPresent
GetEnvironmentStrings
CreateThread
IsValidCodePage

msvcrt

strncat
wcsstr
__mb_cur_max
__getmainargs
__dllonexit
qsort
__set_app_type
strncmp
fprintf

gdi32

RestoreDC
SelectClipRgn
CreateRectRgn
DeleteDC
StartDocA
SetTextAlign
CreateCompatibleDC
StartPage

ole32

CoInitialize
CoFreeUnusedLibraries
CoReleaseServerProcess
CoRegisterMessageFilter
CoFreeLibrary
OleSaveToStream
OleNoteObjectVisible
OleCreateDefaultHandler

advapi32

SetTokenInformation
IsValidSid
CopySid
AddAce
RegOpenKeyA
CreateProcessAsUserA
MapGenericMask
RegSetValueExA
AddAccessAllowedAce
GetSidSubAuthorityCount

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ