7b14a832960b5b44c7677a43a812c38dab00c1ac24e1fed88a6aa220d4788e9b

Sharing

Copy URL Twitter E-mail

General

Target

7b14a832960b5b44c7677a43a812c38dab00c1ac24e1fed88a6aa220d4788e9b
Size

50KB
MD5

b0c2aedd5cfa8c3d7ce2affcb637245a
SHA1

9ff896381c0dc99a9b29345e29781090f3a4879f
SHA256

7b14a832960b5b44c7677a43a812c38dab00c1ac24e1fed88a6aa220d4788e9b
SHA512

aa5339f5d16fd3ee4abfbc7c6d8bb3769045393661f79c1ba18c331753bcfee821a4fd5377e17df8daa4f5f5dc389617c87fd9578838c409a4f813f94fb6fe53
SSDEEP

768:aTmUiK0eHDBPpUgCdv5XcRx+63Q4KcYH:adiKBjU1mv/QZx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b14a832960b5b44c7677a43a812c38dab00c1ac24e1fed88a6aa220d4788e9b

Files

7b14a832960b5b44c7677a43a812c38dab00c1ac24e1fed88a6aa220d4788e9b
.exe windows:1 windows x86 arch:x86

7e63032530ce2511a161306fe875a0df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

amj1

ABOUT@F
AMJ1:INIT@F10ERRORCLASS8INICLASS
AMJ1:KILL@F
SECURITY@Fsb
SECURITY_UNREGISTER_USER@F

amj3

AMJ3:INIT@F10ERRORCLASS8INICLASS
AMJ3:KILL@F
IPAD_FIND_JOBS@Fsb

c60dosx

DOS

c60netx

NetCloseCallBackWindow
NetDebugTrace

c60runx

Cla$ACCEPTED
Cla$ALERT
Cla$CLEAR
Cla$clearstr
Cla$code
Cla$COMMAND
Cla$DISPLAY
Cla$EVENT
CLA$FILE_DESTROY
Cla$freewindow
Cla$GETINI
Cla$HELP
Cla$init
Cla$KEYCODE
Cla$MessageBox
Cla$NewMemT
Cla$paopen
Cla$PopString
Cla$POST
Cla$PushCString
Cla$PushLong
Cla$PushPictLong
Cla$PushString
Cla$SetPropS
Cla$StackCLIP
Cla$StackCompareN
Cla$StackCompareNEQ
Cla$StackConcat
Cla$StackConcatR
Cla$StackLOWER
Cla$StackSUB
Cla$StackUPPER
Cla$START
Cla$START1
Cla$StashBP
Cla$THREAD_FILE
Cla$TODAY
THR$GetInstance
Wsl$CloseDown
_exit
_free
_malloc
__sysinit
__sysstart

cwhh60

Init@F11tagHTMLHelpsbl
Kill@F11tagHTMLHelp
ShowIndex@F11TAGHTMLHELPOsb
ShowSearch@F11TAGHTMLHELP
ShowTOC@F11TAGHTMLHELP
TYPE$tagHTMLHelp
VMT$tagHTMLHelp

dict

$GLO:COMPANY_NAME
$GLO:HELP_FILENAME
$GLO:SYSTEM_INI_FILENAME
$GLOBALREQUEST
$GLOBALRESPONSE
$RELATE:A1BC28
$VCRREQUEST
ADDITEM@F13WINDOWMANAGER12TOOLBARCLASS
ASK@F13WINDOWMANAGER
CHANGEACTION@F13WINDOWMANAGER
CONSTRUCT@F10ERRORCLASS
CONSTRUCT@F10FUZZYCLASS
CONSTRUCT@F16ERRORSTATUSCLASS
CONSTRUCT@F8INICLASS
DELETEACTION@F13WINDOWMANAGER
DESTRUCT@F16ERRORSTATUSCLASS
DESTRUCT@F7DEBUGER
DICT:INIT@F10ERRORCLASS8INICLASS
DICT:KILL@F
FETCH@F8INICLASSsbBw
INIT@F10ERRORCLASS16ERRORSTATUSCLASS
INIT@F10FUZZYCLASS
INIT@F13WINDOWMANAGER
INIT@F15MNREGISTRYCLASS
INIT@F8INICLASSsbll
INSERTACTION@F13WINDOWMANAGER
KILL@F10FUZZYCLASS
KILL@F13WINDOWMANAGER
KILL@F15MNREGISTRYCLASS
KILL@F8INICLASS
OPEN@F13WINDOWMANAGER
OPEN@F13WINDOWMANAGERBwBw
PRIMEFIELDS@F13WINDOWMANAGER
PRIMEUPDATE@F13WINDOWMANAGER
RESET@F13WINDOWMANAGERUc
RESTOREFIELD@F13WINDOWMANAGERl
RUN@F13WINDOWMANAGER
RUN@F13WINDOWMANAGERUsUc
SAVEONCHANGEACTION@F13WINDOWMANAGER
SAVEONINSERTACTION@F13WINDOWMANAGER
SETALERTS@F13WINDOWMANAGER
SETOPTION@F10FUZZYCLASSUcUc
SETPROCEDURENAME@F10ERRORCLASSOsb
SETRESPONSE@F13WINDOWMANAGERUc
TAKEACCEPTED@F13WINDOWMANAGER
TAKECLOSEEVENT@F13WINDOWMANAGER
TAKECOMPLETED@F13WINDOWMANAGER
TAKEDISABLEBUTTON@F13WINDOWMANAGERlUc
TAKEEVENT@F13WINDOWMANAGER
TAKEFIELDEVENT@F13WINDOWMANAGER
TAKENEWSELECTION@F13WINDOWMANAGER
TAKENOTIFY@F13WINDOWMANAGERlll
TAKEREJECTED@F13WINDOWMANAGER
TAKESELECTED@F13WINDOWMANAGER
TAKEWINDOWEVENT@F13WINDOWMANAGER
TYPE$TOOLBARCLASS
UPDATE@F13WINDOWMANAGER
UPDATE@F8INICLASSsbBw
VMT$DEBUGER
VMT$ERRORCLASS
VMT$ERRORSTATUSCLASS
VMT$FUZZYCLASS
VMT$INICLASS
VMT$MNREGISTRYCLASS
VMT$TOOLBARCLASS

user32

SystemParametersInfoA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cwtls
Size: 512B - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e63032530ce2511a161306fe875a0df

Headers

File Characteristics

Imports

amj1

amj3

c60dosx

c60netx

c60runx

cwhh60

dict

user32

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 10KB

.cwtls Size: 512B - Virtual size: 55KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 1024B - Virtual size: 700B

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 10KB

.cwtls
Size: 512B - Virtual size: 55KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 1024B - Virtual size: 700B