14bd6caf55fe40c46c75df7f0a91a20f529233bb56237d97c44e2b20ca617211N

Sharing

Copy URL Twitter E-mail

General

Target

14bd6caf55fe40c46c75df7f0a91a20f529233bb56237d97c44e2b20ca617211N
Size

211KB
MD5

8c8f3d66fae0e5dd79f27fc7358108d0
SHA1

9472e05266b6a6123409f2f921cbc2fb9970c47f
SHA256

14bd6caf55fe40c46c75df7f0a91a20f529233bb56237d97c44e2b20ca617211
SHA512

24d193ebc5210cd1ebb9875ce14330739ae41af3e8830c48cf2fd58512d0516cf532f354228c7c0a33c5e97b5ac797cd83b13a67e11263b64421d9e4a0a86c01
SSDEEP

3072:0T3U39uLFyXJIpS2Gr5P57NnpO7SBROwzcHMzBGaY4BfFTaItbn:0T3s9upyXJ0S2O5P5ZHtLBf9V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14bd6caf55fe40c46c75df7f0a91a20f529233bb56237d97c44e2b20ca617211N

Files

14bd6caf55fe40c46c75df7f0a91a20f529233bb56237d97c44e2b20ca617211N
.exe windows:10 windows x64 arch:x64

a7590d0dbeaae4c4fce9788494f4f8be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

SetupPlatform.pdb

Imports

msvcrt

??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
__CxxFrameHandler3
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
__RTDynamicCast
_vsnwprintf
memmove_s
_vscwprintf
wcsrchr
wcschr
free
malloc
_wcsnicmp
_wcmdln
iswalpha
_wtoi
_wcsicmp
calloc
??0exception@@QEAA@AEBQEBDH@Z
memset

wdscore

ConstructPartialMsgVW
CurrentIP
WdsSetupLogMessageW

unbcl

??0Win32Exception@UnBCL@@QEAA@KPEBG@Z
??0Object@UnBCL@@QEAA@XZ
??1Object@UnBCL@@UEAA@XZ
?Equals@Object@UnBCL@@UEBAHPEBV12@@Z
?GetHashCode@Object@UnBCL@@UEBAHXZ
?GetType@Object@UnBCL@@UEBAPEAVType@2@XZ
?ToString@Object@UnBCL@@UEBAPEAVString@2@XZ
?GetObjectID@Object@UnBCL@@UEBAIXZ
?CompareTo@Object@UnBCL@@UEBAHPEBV12@@Z
?Clone@Object@UnBCL@@UEBAPEAV12@XZ
??2Object@UnBCL@@SAPEAX_K@Z
??3Object@UnBCL@@SAXPEAX@Z
?AddRef@Object@UnBCL@@QEAAXXZ
?DecRef@Object@UnBCL@@QEAAHXZ
?SetLiteralStorage@_@UnBCL@@YAXPEAPEBVString@2@PEBG@Z
??0String@UnBCL@@QEAA@PEBG@Z
??1String@UnBCL@@UEAA@XZ
?Equals@String@UnBCL@@UEBAHPEBVObject@2@@Z
?GetHashCode@String@UnBCL@@UEBAHXZ
?ToString@String@UnBCL@@UEBAPEAV12@XZ
?Clone@String@UnBCL@@UEBAPEAVObject@2@XZ
?CompareTo@String@UnBCL@@QEBAHPEBGH@Z
?CompareTo@String@UnBCL@@UEBAHPEBVObject@2@@Z
?get_Length@String@UnBCL@@QEBAHXZ
?get_CString@String@UnBCL@@QEBAPEBGXZ
??1NotSupportedException@UnBCL@@UEAA@XZ
?Remove@String@UnBCL@@QEBAPEAV12@HH@Z
?Substring@String@UnBCL@@QEBAPEAV12@HH@Z
?Compare@String@UnBCL@@SAHPEBG0H@Z
??1InvalidOperationException@UnBCL@@UEAA@XZ
??1ArgumentOutOfRangeException@UnBCL@@UEAA@XZ
??1Win32Exception@UnBCL@@UEAA@XZ
??1ArgumentException@UnBCL@@UEAA@XZ
??1ArgumentNullException@UnBCL@@UEAA@XZ
?Format@String@UnBCL@@SAPEAV12@PEBGZZ
?Combine@Path@UnBCL@@SAPEAVString@2@PEBV32@0@Z
?MemAllocFailed@Allocator@UnBCL@@SAHXZ
?ToString@Exception@UnBCL@@UEBAPEAVString@2@XZ
?get_InnerException@Exception@UnBCL@@UEBAPEBV12@XZ
?get_Message@Exception@UnBCL@@UEBAPEBVString@2@XZ
?get_Source@Exception@UnBCL@@UEBAPEBVString@2@XZ
?set_Source@Exception@UnBCL@@UEAAXPEBVString@2@@Z
?AddStackTrace@Exception@UnBCL@@QEAAXPEBD@Z
?GetBaseException@Exception@UnBCL@@UEBAPEBV12@XZ
?get_HResult@Exception@UnBCL@@UEBAJXZ
?set_HResult@Exception@UnBCL@@MEAAXJ@Z
?SetMessage@Exception@UnBCL@@MEAAXPEAVString@2@@Z
??0ArgumentNullException@UnBCL@@QEAA@PEBG@Z
??0NotSupportedException@UnBCL@@QEAA@PEBG@Z
??0ArgumentException@UnBCL@@QEAA@PEBG@Z
??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@PEAVString@1@@Z
??1?$SmartPtr@VString@UnBCL@@@UnBCL@@UEAA@XZ
??4?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z
??C?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVString@1@XZ
?get_P@?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVString@2@XZ
??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
??0InvalidOperationException@UnBCL@@QEAA@PEBG@Z
??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@@Z
??0ArgumentOutOfRangeException@UnBCL@@QEAA@PEBG@Z
?StartsWith@String@UnBCL@@QEBAHPEBGH@Z

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlFreeHeap
RtlAllocateHeap

api-ms-win-downlevel-kernel32-l1-1-0

VirtualQuery
GetSystemInfo
VirtualProtect
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryExA
ReleaseSRWLockExclusive
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetExitCodeProcess
SetLastError
CreateProcessW
AcquireSRWLockExclusive
SetCurrentDirectoryW
CloseHandle
GetLastError
WaitForSingleObject
GetCurrentProcess
ExpandEnvironmentStringsW
GetModuleFileNameW
SetErrorMode
RaiseException
FindClose

api-ms-win-downlevel-advapi32-l1-1-1

AdjustTokenPrivileges
OpenProcessToken
RegCreateKeyExW
RegSetValueExW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey

api-ms-win-downlevel-kernel32-l2-1-0

GetPrivateProfileStringW

api-ms-win-downlevel-user32-l1-1-1

LoadStringW

api-ms-win-downlevel-advapi32-l4-1-0

LookupPrivilegeValueW

user32

MessageBoxW
RegisterHotKey
GetMessageW
PostThreadMessageW
UnregisterHotKey

kernel32

SetEvent
FindNextFileNameW
FindFirstFileNameW
CreateThread
OpenThread
GetVersionExW
GetProcAddress
FreeLibrary
GetFullPathNameW
GetFileAttributesW
CreateEventW

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7590d0dbeaae4c4fce9788494f4f8be

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

wdscore

unbcl

ntdll

api-ms-win-downlevel-kernel32-l1-1-0

api-ms-win-downlevel-advapi32-l1-1-1

api-ms-win-downlevel-kernel32-l2-1-0

api-ms-win-downlevel-user32-l1-1-1

api-ms-win-downlevel-advapi32-l4-1-0

user32

kernel32

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 85KB - Virtual size: 84KB

.reloc Size: 1024B - Virtual size: 560B

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 1024B - Virtual size: 560B