014fb2deb95682b281b162e2990f6a3d954baff70b5519c9f159ec894f3bb5c6N

Sharing

Copy URL

Twitter E-mail

General

Target

014fb2deb95682b281b162e2990f6a3d954baff70b5519c9f159ec894f3bb5c6N
Size

32KB
MD5

f7a8271b9279f536f9684c8d62fce170
SHA1

b050bedf99016673487ca9d8de711505f3f99129
SHA256

014fb2deb95682b281b162e2990f6a3d954baff70b5519c9f159ec894f3bb5c6
SHA512

6f82216474a2de162591a7ddf32148f148cc6f77a101f3a9b8c9e29182ddbab3b21afad8e33056efb520acc38a20252e2ecef160c4237e2a86b729c3ac12bad3
SSDEEP

384:F/bpmIwjeCYDuwey35ZtghBEnCI4A27VbhTORsbQ3BA4q93bl29aENxkDYv:RkIacuwey3TnC42hVVk3Bhq6ODY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
014fb2deb95682b281b162e2990f6a3d954baff70b5519c9f159ec894f3bb5c6N

Files

014fb2deb95682b281b162e2990f6a3d954baff70b5519c9f159ec894f3bb5c6N
.exe windows:4 windows x86 arch:x86

ff08cd1dadd5a07209073ccc28507eb8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

PDB Paths

e:\Vnc1\lockerBuilder\Release\lockerBuilder.pdb

Imports

kernel32

CloseHandle
ExitProcess
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
HeapReAlloc
VirtualAlloc
HeapAlloc
VirtualQuery
InterlockedExchange
WriteFile
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
SetFilePointer
RtlUnwind
CreateFileA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapSize

user32

EndPaint
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
BeginPaint
PostQuitMessage
GetDlgCtrlID
GetSysColor
GetDlgItemTextA
MessageBoxA
GetDlgItem
SetFocus
SendMessageA
SetWindowTextA
InvalidateRect
wsprintfA

gdi32

SetTextColor
CreateSolidBrush
SetBkMode

comdlg32

GetSaveFileNameA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff08cd1dadd5a07209073ccc28507eb8

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

shell32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 52KB - Virtual size: 49KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 52KB - Virtual size: 49KB