Static task
static1
Behavioral task
behavioral1
Sample
14e8d6e5e40dfd0d403c5cfed12639a0N.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
14e8d6e5e40dfd0d403c5cfed12639a0N.exe
Resource
win10v2004-20240709-en
General
-
Target
14e8d6e5e40dfd0d403c5cfed12639a0N.exe
-
Size
3.9MB
-
MD5
14e8d6e5e40dfd0d403c5cfed12639a0
-
SHA1
0abaf743b66029a93904d5d9b9c5ab96b00ca362
-
SHA256
dcf48fbcba04f9bc34a97b896312d4dea91ce08c9f20e1a6c66af6438ff0297b
-
SHA512
9a2f526a8594d6af81edec244d55a33df96943d2c19de451dc0843629da0e9548ca352d8d3905a1cce62b1aead70fb20e13ce322581d607697f3c427d5e9fcfb
-
SSDEEP
49152:Ck3QCiQDKe82i0nX80/lKC9colVIgEVXdkYFZH3BoekqUDnNY0kipJ:ACiQlDnhcolVIf9dkQZ67NDnJ
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature on the PE file.
resource 14e8d6e5e40dfd0d403c5cfed12639a0N.exe
Files
-
14e8d6e5e40dfd0d403c5cfed12639a0N.exe.exe windows:4 windows x86 arch:x86
0eed068ed0ef6cfd0532fe87c7f76158
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
netapi32
Netbios
shlwapi
StrSpnA
StrCmpNIA
StrStrIA
StrToIntExA
StrToIntA
zlib
ord3
ord19
ord20
ord38
ord7
ord4
ord6
ord21
advapi32
RegCreateKeyExA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
mfc42
ord2859
ord1706
ord430
ord786
ord2461
ord3318
ord5572
ord6389
ord2915
ord939
ord941
ord519
ord6311
ord6283
ord6282
ord858
ord4129
ord4277
ord2764
ord4171
ord537
ord5445
ord703
ord404
ord3216
ord4042
ord2504
ord5903
ord5510
ord1652
ord429
ord4278
ord6663
ord5710
ord2818
ord2514
ord922
ord536
ord859
ord3752
ord6128
ord6130
ord6141
ord3984
ord3988
ord3981
ord3979
ord3989
ord5859
ord5861
ord5858
ord5857
ord5608
ord5603
ord5602
ord5610
ord5604
ord913
ord5632
ord6270
ord2863
ord6605
ord763
ord2450
ord483
ord4160
ord2527
ord482
ord4333
ord3874
ord5875
ord2820
ord3811
ord3127
ord3616
ord798
ord1997
ord6407
ord5651
ord5194
ord350
ord533
ord5466
ord2096
ord384
ord2652
ord1669
ord2754
ord2567
ord2860
ord472
ord6877
ord2380
ord6215
ord4299
ord6199
ord924
ord926
ord6927
ord2814
ord5216
ord2763
ord1140
ord3495
ord5683
ord3439
ord4189
ord2044
ord2107
ord3903
ord2086
ord4202
ord940
ord775
ord639
ord3168
ord3466
ord5192
ord322
ord503
ord5450
ord5440
ord6383
ord6394
ord5834
ord4544
ord3274
ord4622
ord3579
ord439
ord736
ord5495
ord4083
ord5685
ord4226
ord3402
ord3610
ord2089
ord1829
ord816
ord562
ord3797
ord6880
ord6779
ord6648
ord6197
ord6377
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord613
ord6241
ord289
ord2080
ord3317
ord3742
ord2152
ord6379
ord772
ord635
ord5606
ord500
ord434
ord317
ord5575
ord5933
ord923
ord5934
ord1994
ord4188
ord3438
ord6876
ord802
ord6567
ord5622
ord6662
ord542
ord6929
ord5856
ord2919
ord4204
ord919
ord6928
ord925
ord6930
ord3054
ord3425
ord3880
ord3169
ord2813
ord839
ord433
ord464
ord850
ord465
ord857
ord462
ord5310
ord1601
ord2105
ord1238
ord1572
ord2721
ord3810
ord861
ord2811
ord5920
ord3115
ord3832
ord840
ord845
ord1158
ord5631
ord6883
ord665
ord5186
ord1772
ord1979
ord353
ord695
ord2816
ord837
ord920
ord1978
ord5200
ord1175
ord928
ord2017
ord2065
ord5712
ord1668
ord1622
ord3130
ord3676
ord2141
ord1656
ord5860
ord3055
ord614
ord3237
ord5297
ord435
ord1881
ord6781
ord5465
ord3790
ord6392
ord3452
ord2515
ord355
ord668
ord1980
ord4215
ord3181
ord4058
ord2781
ord2770
ord356
ord3337
ord3227
ord3408
ord3758
ord5645
ord5448
ord5778
ord3178
ord1105
ord4327
ord1989
ord2454
ord403
ord6010
ord6520
ord1953
ord6385
ord354
ord932
ord5773
ord5442
ord938
ord4203
ord1151
ord1193
ord603
ord1969
ord2801
ord882
ord273
ord2740
ord879
ord3759
ord3409
ord3228
ord1261
ord6569
ord2765
ord699
ord397
ord3938
ord912
ord5593
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord2370
ord4234
ord3039
ord4710
ord1911
ord3316
ord3314
ord5242
ord6121
ord1774
ord2490
ord5010
ord5658
ord2395
ord6322
ord2609
ord1006
ord1787
ord6123
ord4291
ord5697
ord5708
ord4099
ord5701
ord3092
ord6334
ord5703
ord3180
ord3467
ord4284
ord348
ord663
ord693
ord795
ord6778
ord1799
ord3353
ord290
ord3176
ord3789
ord5609
ord2777
ord5601
ord6453
ord1816
ord3567
ord2575
ord4396
ord3574
ord3721
ord602
ord2302
ord1768
ord2642
ord793
ord1907
ord5161
ord5162
ord5160
ord5053
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord768
ord489
ord2301
ord4258
ord2645
ord3319
ord5461
ord5583
ord532
ord3719
ord2135
ord6696
ord3301
ord3996
ord2100
ord3998
ord6905
ord686
ord6888
ord6675
ord6907
ord6404
ord4243
ord2582
ord3370
ord4402
ord3640
ord4224
ord6762
ord3499
ord3177
ord393
ord5705
ord3398
ord3733
ord810
ord4000
ord1567
ord268
ord3303
ord6676
ord6335
ord2546
ord291
ord3876
ord3528
ord6094
ord4034
ord2576
ord3352
ord4644
ord1771
ord6366
ord2413
ord2024
ord4217
ord4397
ord3577
ord692
ord4225
ord5890
ord2937
ord3803
ord6741
ord6508
ord6919
ord2862
ord2097
ord6007
ord6766
ord5788
ord3293
ord3286
ord1858
ord4245
ord5101
ord2101
ord2723
ord2390
ord3059
ord5100
ord5104
ord4303
ord3351
ord5012
ord5472
ord3403
ord2879
ord2878
ord4152
ord4077
ord5237
ord2382
ord2649
ord1665
ord4436
ord2445
ord4427
ord796
ord794
ord807
ord529
ord527
ord554
ord401
ord674
ord4146
ord2494
ord2627
ord5871
ord2626
ord6069
ord2011
ord6000
ord2117
ord5884
ord2921
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
srand
rand
ispunct
islower
modf
_mbslen
_purecall
_atoi64
wcsrchr
wcslen
wcsncpy
wcsncmp
_mkdir
scanf
_getcwd
_chdir
ftell
printf
wcscmp
isprint
_fcvt
strcspn
toupper
time
localtime
isspace
sscanf
_stricmp
exit
_fmode
fputs
_heapmin
calloc
_makepath
_itoa
rename
_tempnam
remove
_open
_errno
_close
_lseek
_eof
_read
_write
_mbsnbcpy
fseek
fgetc
fgetpos
isalpha
isupper
sprintf
strtok
atol
strncpy
_except_handler3
_setmbcp
_wcsnicmp
_creat
_strupr
_strcmpi
_strlwr
_strnicmp
__CxxFrameHandler
strtoul
_mbstok
_mbscmp
memmove
atof
strchr
fclose
fflush
fprintf
fopen
_mbsicmp
atoi
isdigit
strtod
_ftol
_mbsnbcmp
malloc
_CIpow
_mbsnbcat
_mbsstr
free
_mbsupr
_strdup
strstr
fread
_filelength
_mbschr
_splitpath
realloc
_msize
_CxxThrowException
_mbsicoll
fgets
qsort
_mbsinc
_mbsdec
strrchr
fwrite
strncmp
isalnum
_local_unwind2
kernel32
DuplicateHandle
GetCurrentProcess
CreateFileA
GetStartupInfoA
ResetEvent
FileTimeToSystemTime
GetModuleHandleA
GetModuleFileNameA
GetSystemDirectoryA
TerminateProcess
lstrcmpiA
FindNextFileA
CreateDirectoryA
HeapFree
SetEvent
HeapAlloc
GetLastError
GetComputerNameA
GetPrivateProfileSectionA
GetDriveTypeA
ResumeThread
SuspendThread
GetTempPathA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
SetFileTime
CreateProcessA
DosDateTimeToFileTime
WritePrivateProfileStringA
GetShortPathNameA
lstrcmpA
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersion
DeviceIoControl
QueryDosDeviceA
GetFileTime
MapViewOfFile
CreateFileMappingA
GetFileSize
SetEndOfFile
SetFilePointer
UnmapViewOfFile
AddAtomA
DeleteAtom
SetLastError
GetSystemTime
ReadFile
WriteFile
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetVolumeInformationA
LoadLibraryA
GetProcAddress
FreeLibrary
FindFirstFileA
FindClose
GetFileAttributesA
MoveFileA
SetFileAttributesA
RemoveDirectoryA
MultiByteToWideChar
InterlockedIncrement
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalSize
lstrcpyA
lstrlenA
GlobalAlloc
MulDiv
GetPrivateProfileStringA
GetPrivateProfileIntA
Sleep
InterlockedDecrement
FormatMessageA
LocalFree
GetUserDefaultLCID
GetLocaleInfoA
GetWindowsDirectoryA
GetLocalTime
DeleteFileA
LocalFileTimeToFileTime
GetTempFileNameA
GetModuleHandleW
LocalUnlock
LocalLock
MoveFileExA
WideCharToMultiByte
GetProcessHeap
LocalAlloc
CopyFileA
user32
GetMessagePos
MapWindowPoints
GetMenuStringA
DispatchMessageA
SetRectEmpty
DrawFrameControl
DrawEdge
InflateRect
OffsetRect
SetRect
GetCapture
ReleaseCapture
SetCapture
ClipCursor
SetTimer
EnableMenuItem
GetSubMenu
AppendMenuA
InvertRect
SetCursor
PtInRect
IsClipboardFormatAvailable
MessageBoxA
EmptyClipboard
SetClipboardData
UnregisterHotKey
GetClipboardData
LockWindowUpdate
EnableWindow
GetWindowRect
GetDC
ReleaseDC
GetFocus
GetClientRect
PostMessageA
GrayStringA
DrawTextA
TabbedTextOutA
RedrawWindow
OemToCharA
CharToOemA
GetClassNameA
RegisterHotKey
CreatePopupMenu
GetDesktopWindow
IsIconic
DrawIcon
GetSystemMenu
MessageBeep
WindowFromDC
SetWindowLongA
InvalidateRect
GetCursorPos
KillTimer
GetKeyState
FillRect
IntersectRect
IsWindow
SendMessageA
UpdateWindow
GetParent
GetDlgItem
TranslateAcceleratorA
LoadAcceleratorsA
RegisterWindowMessageA
OpenClipboard
LoadMenuA
SystemParametersInfoA
GetSysColor
LoadCursorA
DefWindowProcA
GetClassInfoA
CopyRect
GetDCEx
GetSysColorBrush
TranslateMessage
ModifyMenuA
SetParent
FrameRect
DrawStateA
DrawFocusRect
GetActiveWindow
LoadImageA
DestroyCursor
CheckMenuItem
RemoveMenu
GetMenuItemID
GetMenuItemCount
GetWindowLongA
FindWindowA
SetForegroundWindow
TrackPopupMenu
GetMenu
LoadIconA
IsCharAlphaNumericA
wsprintfA
ClientToScreen
WindowFromPoint
ScreenToClient
IsRectEmpty
IsWindowVisible
CloseClipboard
GetSystemMetrics
gdi32
SetBrushOrgEx
CreateRectRgnIndirect
CreateDCA
PtInRegion
PatBlt
SetTextColor
SelectObject
CreatePolygonRgn
FillRgn
Rectangle
GetCurrentObject
CreateFontA
StartDocA
GetDeviceCaps
StartPage
EndPage
EndDoc
AbortDoc
GetTextMetricsA
GetTextExtentPoint32A
CreatePen
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateFontIndirectA
DeleteObject
CreateSolidBrush
GetStockObject
GetObjectA
UnrealizeObject
comdlg32
FindTextA
GetSaveFileNameA
shell32
SHFileOperationA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
Shell_NotifyIconA
ShellExecuteA
ShellExecuteExA
comctl32
ImageList_DragEnter
ImageList_BeginDrag
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_Draw
ImageList_GetIcon
ImageList_Remove
ImageList_GetImageCount
ImageList_DragMove
ole32
OleInitialize
OleUninitialize
StgCreateStorageEx
CLSIDFromString
CLSIDFromProgID
OleRun
CoCreateInstance
CoCreateGuid
CoInitialize
CoUninitialize
oleaut32
SysReAllocStringLen
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantCopy
VariantChangeType
VariantTimeToSystemTime
SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysAllocStringLen
odbc32
ord11
ord8
ord13
ord26
ord45
ord48
ord49
ord43
ord24
ord19
ord12
ord72
ord31
ord36
ord18
libeay32
ASN1_STRING_length
CRYPTO_malloc
ASN1_STRING_data
d2i_PKCS7
OBJ_obj2nid
PKCS7_ctrl
PKCS7_free
CRYPTO_free
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 464KB - Virtual size: 462KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 204KB - Virtual size: 207KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 136KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ