14efce30f5d96008e9a3a2f5767b36ba1fea616a9223ad8124c3598eaa29aefc

Sharing

Copy URL Twitter E-mail

General

Target

14efce30f5d96008e9a3a2f5767b36ba1fea616a9223ad8124c3598eaa29aefc
Size

399KB
MD5

4f00c0f352bbf0c9ef1697855ce885f0
SHA1

f9cda905bf0f76b8ec79d156a89977a5bafa85a7
SHA256

14efce30f5d96008e9a3a2f5767b36ba1fea616a9223ad8124c3598eaa29aefc
SHA512

b72c3db3abfd967cfbd53441be5c0fc2867102776c66020743c1e20e7001bd499018ac56d7e285782dffd73eb0d4a90b658c1e689aa5f074f5fb5d0d6e61ff36
SSDEEP

6144:1a6G7yu24+RRFM6BscxNcG0o+nOT7bmrqkpR:1aj7y33RRe6hx30jnObm3R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14efce30f5d96008e9a3a2f5767b36ba1fea616a9223ad8124c3598eaa29aefc

Files

14efce30f5d96008e9a3a2f5767b36ba1fea616a9223ad8124c3598eaa29aefc
.exe windows:6 windows x64 arch:x64

19fba0a60fd1dd6e91d978937b254040

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

denpk2.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

kernel32

IsProcessorFeaturePresent
GetCommandLineW
GetEnvironmentVariableW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
QueryPerformanceCounter
WaitForSingleObject
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetLastError
CloseHandle
SetFileInformationByHandle
GetCurrentProcess
GetStdHandle
GetCurrentProcessId
HeapFree
HeapReAlloc
lstrlenW
ReleaseMutex
GetProcessHeap
HeapAlloc
FindClose
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetConsoleMode
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
MultiByteToWideChar
WriteConsoleW
GetCurrentThread
GetFullPathNameW
GetModuleHandleA
GetProcAddress
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter

ntdll

NtReadFile
RtlNtStatusToDosError
NtWriteFile

vcruntime140

__C_specific_handler
_CxxThrowException
memcmp
__current_exception
memset
memcpy
__CxxFrameHandler3
memmove
__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_initialize_narrow_environment
__p___argc
__p___argv
_seh_filter_exe
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_cexit
_set_app_type
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19fba0a60fd1dd6e91d978937b254040

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

kernel32

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 291KB - Virtual size: 290KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 512B - Virtual size: 800B

.pdata Size: 15KB - Virtual size: 14KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 291KB - Virtual size: 290KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 512B - Virtual size: 800B

.pdata
Size: 15KB - Virtual size: 14KB

.reloc
Size: 2KB - Virtual size: 2KB