14baaad6f144d5399d05bee19a9b530c01dff32427590f507e29c382fc76e97a

Sharing

Copy URL Twitter E-mail

General

Target

14baaad6f144d5399d05bee19a9b530c01dff32427590f507e29c382fc76e97a
Size

190KB
MD5

6f4ccb51d3b588e271769f45df0e1201
SHA1

86a39c7227856ac710eaf63e79b0137e6b00ab9b
SHA256

14baaad6f144d5399d05bee19a9b530c01dff32427590f507e29c382fc76e97a
SHA512

8b1157b942995efe3625238f1e61e46085f35096c08d67a8ecf7a0b1c9a927953aff735d292733a8fa67ab1138a5767f19033ef56ac1c935bc391fbc9d890024
SSDEEP

3072:UoyjocT6Fza+wl9nQYbBg3Oak+srSGJ4FPwR8/lrIvsPyNtkaLB:zPQ6Y+wlXqOakrh4K8/lkk5G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14baaad6f144d5399d05bee19a9b530c01dff32427590f507e29c382fc76e97a

Files

14baaad6f144d5399d05bee19a9b530c01dff32427590f507e29c382fc76e97a
.dll windows:4 windows x86 arch:x86

f0a0ff7177d173b6ac43aef33f12569e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\savxp\build\Symbols\Release\sophos_detoured.pdb

Imports

psapi

GetModuleFileNameExW
GetMappedFileNameW
EnumProcessModules
GetModuleInformation

kernel32

HeapFree
FlushFileBuffers
CreateFileA
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
SetFilePointer
GetLastError
GetSystemInfo
ReadFile
CreateFileW
CloseHandle
GetVersionExW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
OpenEventW
WaitForSingleObject
GetFileSize
lstrlenA
lstrlenW
LCMapStringW
GetCurrentThread
InitializeCriticalSection
DisableThreadLibraryCalls
LoadLibraryW
GetCommandLineW
GetCurrentProcessId
CreateEventW
FreeLibrary
LocalFree
DeleteCriticalSection
GetLongPathNameW
Sleep
SuspendThread
VirtualQuery
lstrcpyW
IsBadReadPtr
SetLastError
CallNamedPipeW
GetSystemTime
WriteFile
WriteConsoleW
GetConsoleOutputCP
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
ResumeThread
FlushInstructionCache
GetThreadContext
SetThreadContext
LoadLibraryA
GetModuleHandleA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
VirtualFree
HeapReAlloc
HeapDestroy
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA

user32

GetSystemMetrics

Exports

Exports

Detoured
spa_cbcdec
spa_cbcenc
spa_crypt
spa_init
spa_isweak
spa_sanitise
spa_setk
spmaa_buffer
spmaa_byte
spmaa_finalise2
spmaa_finalise32
spmaa_finalise64
spmaa_init

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0a0ff7177d173b6ac43aef33f12569e

Headers

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 124KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 11KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 124KB - Virtual size: 124KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 11KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 13KB