a14761fbc3097edd2444314f5e01afe6

Sharing

Copy URL

Twitter E-mail

General

Target

a14761fbc3097edd2444314f5e01afe6
Size

632KB
MD5

a14761fbc3097edd2444314f5e01afe6
SHA1

00dc9f72598e3300bf87e989a5be66e36f9dae5c
SHA256

a5baeb37d4392be16a77bf9a9c19f80bd24e6700c02fbed2512e7dcc4bfdd135
SHA512

3c46255de66c9a4965139557c06c176e41b7fbd2bce6897f09423cbd09feb92fba64be083a28884383d4ddf7a51e29a2ebcb3c5ae5028e20539309000dc3af57
SSDEEP

12288:F6xQix12q526THJk2f3BHRnhTl+09QgFa5e:F6xQiDP7DfRHRnTlak

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a14761fbc3097edd2444314f5e01afe6

Files

a14761fbc3097edd2444314f5e01afe6
.exe windows:4 windows x86 arch:x86

ff197c07305c40a696a208020598fbfb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ott\ofxeaiezt\dsey\ebeneptcre.pdb

Imports

shell32

SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx
_TrackMouseEvent

comdlg32

ChooseColorA
ChooseFontA
GetFileTitleW
PrintDlgW

user32

SetWinEventHook
DdeImpersonateClient
UnpackDDElParam
InsertMenuW
FreeDDElParam
LoadAcceleratorsW
SetProcessWindowStation
LoadKeyboardLayoutW
MessageBoxA
LoadKeyboardLayoutA
IsCharAlphaA
DestroyWindow
CharToOemW
CreateWindowExW
DragDetect
TranslateMessage
DdeAccessData
GetWindowThreadProcessId
SetSystemCursor
GetKeyboardType
GetTitleBarInfo
GetWindowDC
SendDlgItemMessageA
GetUserObjectInformationW
MessageBoxW
CheckRadioButton
SetShellWindow
SetRect
LoadIconA
EnumPropsExW
ShowWindow
MessageBeep
PackDDElParam
RegisterClassExA
RegisterClassA
SetDeskWallpaper
GetKeyboardLayoutNameA
DefWindowProcW
PostThreadMessageW
OffsetRect
DlgDirListW
MonitorFromWindow
ImpersonateDdeClientWindow
GetWindowContextHelpId
SetCapture
EndDeferWindowPos
LoadCursorFromFileA
IsWindowUnicode
DdeUninitialize
ToUnicode
FindWindowExW
EnumClipboardFormats
UnregisterClassA

kernel32

CreateMutexA
HeapSize
GetConsoleOutputCP
GetStdHandle
SetConsoleCtrlHandler
GetCommandLineA
AllocConsole
LockFile
IsDebuggerPresent
HeapAlloc
TlsFree
ExitProcess
GlobalFree
GetFileType
FreeEnvironmentStringsW
Sleep
GetConsoleCP
WriteConsoleW
SetLastError
MultiByteToWideChar
GetCommandLineW
WriteConsoleA
GetCurrentThreadId
LCMapStringA
GetModuleFileNameW
FindResourceExA
FlushFileBuffers
InterlockedDecrement
VirtualAlloc
GetProcessHeap
VirtualFree
HeapFree
GetCPInfo
GetTimeFormatA
LoadLibraryA
GetTickCount
GetOEMCP
GetModuleHandleA
RtlUnwind
EnumSystemLocalesA
GetVersionExA
CreateFileA
SetEnvironmentVariableA
GetStartupInfoA
HeapDestroy
LeaveCriticalSection
SetUnhandledExceptionFilter
TerminateProcess
GetStringTypeW
VirtualQuery
InterlockedExchange
FreeLibrary
GetProfileIntW
SetConsoleTitleA
LCMapStringW
UnhandledExceptionFilter
GetCurrentProcessId
EnterCriticalSection
FreeEnvironmentStringsA
GetModuleFileNameA
GetACP
GetEnvironmentStringsW
InterlockedExchangeAdd
GetTimeZoneInformation
GetCurrentThread
SetStdHandle
DeleteCriticalSection
QueryPerformanceCounter
OpenMutexA
GetExitCodeProcess
SleepEx
HeapCreate
WideCharToMultiByte
GetAtomNameW
GetLocaleInfoW
IsValidCodePage
SetHandleCount
CompareStringW
GetStringTypeA
WriteFile
TlsAlloc
CompareStringA
GetDateFormatA
CloseHandle
GetUserDefaultLCID
TlsGetValue
GetSystemTimeAsFileTime
GetStartupInfoW
GetLastError
IsValidLocale
GetCurrentProcess
InterlockedIncrement
TlsSetValue
GetConsoleMode
ReadFile
GetLocaleInfoA
HeapReAlloc
SetFilePointer
GetProcAddress
EnumResourceLanguagesA
GetEnvironmentStrings
InitializeCriticalSection
GetSystemTime

gdi32

CombineTransform
SetBitmapDimensionEx
Rectangle
CreateDIBPatternBrush
DeleteDC
GetDeviceCaps
GetObjectA
GetObjectType
FillPath
CreateDCW
GetMetaFileBitsEx
CreateColorSpaceW
DeleteObject
PtVisible
CreateICW
DeviceCapabilitiesExA
CreateDiscardableBitmap
DeleteMetaFile

advapi32

CryptSignHashW
InitializeSecurityDescriptor
CryptGetDefaultProviderA
CryptContextAddRef
RegNotifyChangeKeyValue
CryptSetProvParam
LookupPrivilegeDisplayNameA
RegQueryMultipleValuesA
RegQueryValueW
DuplicateToken
CryptDeriveKey
RegEnumKeyA
CryptGetProvParam
CryptGenKey
GetUserNameW
RegCreateKeyExA
CryptAcquireContextW
LookupAccountNameA
CryptEnumProvidersA
RegEnumKeyExW
RegLoadKeyW
RegOpenKeyExA
CryptCreateHash
RegRestoreKeyW

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff197c07305c40a696a208020598fbfb

Headers

File Characteristics

PDB Paths

Imports

shell32

comctl32

comdlg32

user32

kernel32

gdi32

advapi32

Sections

.text Size: 196KB - Virtual size: 192KB

.rdata Size: 264KB - Virtual size: 260KB

.data Size: 108KB - Virtual size: 136KB

.rsrc Size: 60KB - Virtual size: 57KB

.text
Size: 196KB - Virtual size: 192KB

.rdata
Size: 264KB - Virtual size: 260KB

.data
Size: 108KB - Virtual size: 136KB

.rsrc
Size: 60KB - Virtual size: 57KB