c14cfa18012acef24d08c22faebce223

Sharing

Copy URL Twitter E-mail

General

Target

c14cfa18012acef24d08c22faebce223
Size

168KB
MD5

c14cfa18012acef24d08c22faebce223
SHA1

47d5f619b5906c1c34020ab832bb073ef3240a8f
SHA256

3e69163fe0751b57b57ba3d16bc25efd17f9c3b6396d86053e5c1e41cbc5f1cb
SHA512

ff822b2ff7560c57396fc3515647bde412741fd0fb1e96e1761fb4e8c4f9a0368c6b921914942d94d733078830250a5713a63e98859587ce8524efef9f7d4b51
SSDEEP

3072:QeBkYjchf06+lxOIev+rgKnBsCuZKaJkvgAISCKdFQuhACtqaPK+Ab2gLkv:Q74Cfcs+rgHCuovgJnKthttqay+A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c14cfa18012acef24d08c22faebce223

Files

c14cfa18012acef24d08c22faebce223
.exe windows:4 windows x86 arch:x86

7bde0eec3350b010f24719726a1ac1d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ChangeServiceConfigA
ControlService
CreateServiceA
FreeSid
GetSecurityDescriptorControl
GetUserNameA
RegSetValueExA
StartServiceCtrlDispatcherA
UnlockServiceDatabase

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
DeleteAtom
DeleteFileA
DuplicateHandle
EnumSystemLocalesA
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FindFirstFileA
FreeLibrary
GetComputerNameA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentVariableA
GetExitCodeProcess
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetProcAddress
GetProcessHeap
GetStdHandle
GetStringTypeA
GetSystemDirectoryA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalFree
GlobalReAlloc
GlobalUnlock
HeapCreate
HeapDestroy
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LCMapStringA
LoadResource
LocalFree
MapViewOfFile
MoveFileExA
OpenEventA
QueryPerformanceCounter
RemoveDirectoryA
SearchPathA
SetEnvironmentVariableA
SetEvent
SetFileAttributesA
SetFileTime
SetHandleCount
SetLastError
SetPriorityClass
Sleep
SuspendThread
TlsAlloc
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
WaitForSingleObject
WideCharToMultiByte
lstrcatA
lstrcpyA
lstrlenA

ole32

CoInitializeEx
CreateOleAdviseHolder
OleInitialize
OleRegGetMiscStatus

user32

CallWindowProcA
CharLowerA
CharNextA
CharPrevA
CopyRect
DestroyIcon
DrawIcon
EndDialog
EqualRect
GetAsyncKeyState
GetSubMenu
GetSysColorBrush
GetWindowTextA
GetWindowThreadProcessId
IsIconic
IsRectEmpty
KillTimer
LoadBitmapA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
MoveWindow
PeekMessageA
PtInRect
ReleaseDC
SetWindowLongA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

CODE
Size: 98KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BSS
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bde0eec3350b010f24719726a1ac1d8

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

user32

version

Sections

CODE Size: 98KB - Virtual size: 100KB

BSS Size: - Virtual size: 172KB

CRT Size: 64KB - Virtual size: 68KB

.idata Size: 3KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

CODE
Size: 98KB - Virtual size: 100KB

BSS
Size: - Virtual size: 172KB

CRT
Size: 64KB - Virtual size: 68KB

.idata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB