3a14710347bd963b021fdb61b56baa104228ab3314124d089b71d9a9fa084019

Sharing

Copy URL Twitter E-mail

General

Target

3a14710347bd963b021fdb61b56baa104228ab3314124d089b71d9a9fa084019
Size

1.9MB
MD5

f473eaf83dda3a8a2c950b37e0f81ce8
SHA1

560080f39e8acced09e61aa38cc1f0a7d969b4fc
SHA256

3a14710347bd963b021fdb61b56baa104228ab3314124d089b71d9a9fa084019
SHA512

f43c3c4e46446202f03c95f6b044497284f3197397428c0811ef9ffe6c67aa24a90c76667bbbc0333d7c2059a799498c8752190aeaf9a0a9b0429af3f200afc5
SSDEEP

12288:A1p3H6bUlKVRcf7lUaXcTuszuG1T0elw03WKwJs8yv0PtZn7gTSWTpQzMeqvmreT:A1A2Am5su2nlw6WJyyRKTZuSxlx8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a14710347bd963b021fdb61b56baa104228ab3314124d089b71d9a9fa084019

Files

3a14710347bd963b021fdb61b56baa104228ab3314124d089b71d9a9fa084019
.exe windows:5 windows x86 arch:x86

65737bf1326bdce1a3f7b46c6065a414

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Source\openoffice\main\desktop\wntmsci12.pro\bin\loader2.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW

msi

ord8
ord178
ord148
ord77
ord112
ord179
ord150
ord78
ord113

kernel32

SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
CreateFileW
HeapSize
CreateFileA
GetVersionExA
lstrcmpA
lstrlenA
GetLastError
CloseHandle
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GetPrivateProfileSectionA
GetFileAttributesA
GetFullPathNameA
GetSystemDirectoryA
GetExitCodeProcess
CreateProcessA
lstrcmpiA
CreateMutexA
GetSystemInfo
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetModuleFileNameA
GetCommandLineA
FindClose
FindNextFileA
FindFirstFileA
GetSystemDefaultLangID
GetUserDefaultLangID
lstrcmpW
lstrlenW
LoadLibraryW
GetPrivateProfileSectionW
GetFileAttributesW
GetFullPathNameW
GetSystemDirectoryW
CreateProcessW
lstrcmpiW
CreateMutexW
CreateFileMappingW
GetModuleFileNameW
GetCommandLineW
FindNextFileW
FindFirstFileW
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
HeapFree
DeleteFileA
DeleteFileW
GetStartupInfoA
HeapAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
WideCharToMultiByte
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
ExitProcess
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetHandleCount
GetFileType
ReadFile
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetConsoleCtrlHandler
GetLocaleInfoW
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
InitializeCriticalSectionAndSpinCount
InterlockedExchange

user32

TranslateMessage
LoadStringW
MessageBoxW
CharNextW
PeekMessageW
DispatchMessageW
LoadStringA
MessageBoxA
CharNextA
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

65737bf1326bdce1a3f7b46c6065a414

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

msi

kernel32

user32

Sections

.text Size: 181KB - Virtual size: 181KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 241KB - Virtual size: 241KB

.reloc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 181KB - Virtual size: 181KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 241KB - Virtual size: 241KB

.reloc
Size: 1.4MB - Virtual size: 1.4MB