c14d42616f531e93f0fff6713db797f12abb69cb39d0cd57ee5178dd48b876f0

Sharing

Copy URL Twitter E-mail

General

Target

c14d42616f531e93f0fff6713db797f12abb69cb39d0cd57ee5178dd48b876f0
Size

6.0MB
MD5

2b95c47f58ae2fc27d8d4e3252a74518
SHA1

392c4d8ed8ace587ab66f1954aa29bf65930959e
SHA256

c14d42616f531e93f0fff6713db797f12abb69cb39d0cd57ee5178dd48b876f0
SHA512

5a155caa93323ff4f540436747d7632d5d3cf7dd4119eee6816bd29647392d4a92faa64f985c845fa5bdead7e5b9ed4ae7be9aef1a27a73fb32e1e41f6189a9f
SSDEEP

98304:Cg6x+7EKsyuasrnc8v0f53pQUnUL+YUZQpcutds6jm8ky0f+r0fP+y4q+/Rpji2P:50+7Tsyua8ncB3enUZwPtdswAffWN5JZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c14d42616f531e93f0fff6713db797f12abb69cb39d0cd57ee5178dd48b876f0

Files

c14d42616f531e93f0fff6713db797f12abb69cb39d0cd57ee5178dd48b876f0
.dll windows:6 windows x86 arch:x86

e2ae0ba4ed0bc69898c76bc2d5bd17b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateDirectoryW
VirtualQuery
LocalAlloc
GetModuleFileNameW
LocalFree
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

libcrypto-1_1

MD5_Init

sso_log

?utils_LogA@@YA_NHPADZZ

shlwapi

PathStripPathW

crypt32

CertGetNameStringW

wintrust

WTHelperGetProvSignerFromChain

iphlpapi

GetAdaptersAddresses

wtsapi32

WTSFreeMemory
WTSSendMessageW

user32

GetSystemMetrics
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey

ole32

CoCreateGuid

oleaut32

VariantClear

Exports

Exports

dat_LoadData
dat_LoadPassToken
dat_SaveData
dat_SavePassToken
dat_VerifySignature

Sections

.text
Size: - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BDG0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.BDG1
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2ae0ba4ed0bc69898c76bc2d5bd17b5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

libcrypto-1_1

sso_log

shlwapi

crypt32

wintrust

iphlpapi

wtsapi32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 186KB

.rdata Size: - Virtual size: 73KB

.data Size: - Virtual size: 7KB

.gfids Size: - Virtual size: 572B

.tls Size: - Virtual size: 9B

.BDG0 Size: - Virtual size: 3.6MB

.BDG1 Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 186KB

.rdata
Size: - Virtual size: 73KB

.data
Size: - Virtual size: 7KB

.gfids
Size: - Virtual size: 572B

.tls
Size: - Virtual size: 9B

.BDG0
Size: - Virtual size: 3.6MB

.BDG1
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB