14302b827c2e9b65591483e54e647d51bb5b176911332791cedd7af1be560226

Sharing

Copy URL

Twitter E-mail

General

Target

14302b827c2e9b65591483e54e647d51bb5b176911332791cedd7af1be560226
Size

256KB
MD5

6c9946e41131d6e311e8103861ca8107
SHA1

d792eac8d8f32f1ec6aa51dc1c830a174c83bc8c
SHA256

14302b827c2e9b65591483e54e647d51bb5b176911332791cedd7af1be560226
SHA512

42040ba91a5bad561560671dee1cd3a7445fdcf5bcf1cc6643b7fa7584ea83aab9ff16c8d0878e7ecba6f7f6cf98746b621952c17c476c4583cf4b676961b640
SSDEEP

6144:2uX3KDm/ePKTxu/q3yrvpjwzFST68tw8Trx7exH5qRpc:BXQK1cIyrv90STRaZq3c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14302b827c2e9b65591483e54e647d51bb5b176911332791cedd7af1be560226

Files

14302b827c2e9b65591483e54e647d51bb5b176911332791cedd7af1be560226
.exe windows:4 windows x86 arch:x86

ce5b135f5dcc85fe141a8296a1a015ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord823
ord825

msvcrt

free
_beginthread

atl

ord21
ord18
ord22
ord15
ord16
ord44
ord43
ord32
ord58
ord23

kernel32

GetVersionExW
SetEvent
WaitForSingleObject
IsBadReadPtr
GetNumberFormatW
GetLocaleInfoW
GetCurrentProcess
InitializeCriticalSection
lstrlenW
GetModuleFileNameW
lstrcpyW
GetShortPathNameW
GetModuleHandleW
lstrcmpiW
GetWindowsDirectoryW
GlobalAlloc
GetModuleHandleA
GetLastError
LoadLibraryW
LoadLibraryA
ExpandEnvironmentStringsW
lstrcmpW
GetCurrentThread
lstrcatW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
MultiByteToWideChar
lstrlenA
LocalFree
GetProcessHeap
CreateEventW
GetProcAddress

user32

SetWindowTextW
SetFocus
SendMessageW
SetDlgItemTextW
DialogBoxParamW
SendDlgItemMessageW
wsprintfW
MessageBeep
ShowWindow
GetDlgItemInt
EndDialog
SetDlgItemInt
LoadImageW
SetCursor
LoadCursorW
ShowCursor
IsWindow
PeekMessageW
SetWindowLongW
PostMessageW
EnableWindow
GetDlgItemTextW
LoadBitmapW
IsDlgButtonChecked
LoadIconW
MessageBoxW
WinHelpW
GetSystemMetrics

advapi32

LookupPrivilegeValueW
OpenThreadToken
AdjustTokenPrivileges
ImpersonateSelf
RegOpenKeyW
RegQueryValueExW
GetUserNameW
LookupAccountNameW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
GetTokenInformation
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW

oleaut32

SafeArrayGetLBound
SafeArrayGetElement
SysAllocStringByteLen
VariantChangeType
SafeArrayGetUBound
SysStringByteLen
VariantClear
VariantInit
SysStringLen
SysAllocString
SysFreeString

ole32

CoCreateInstance
CoInitialize
StringFromCLSID

gdi32

GetTextExtentPointW
DeleteObject

shell32

ShellExecuteW

shlwapi

StrFormatByteSizeW

samlib

SamCloseHandle
SamFreeMemory
SamRemoveMemberFromGroup
SamEnumerateGroupsInDomain
SamQuerySecurityObject
SamSetSecurityObject
SamAddMemberToGroup
SamGetCompatibilityMode
SamiEncryptPasswords
SamiOemChangePasswordUser2
SamGetMembersInAlias
SamDeleteUser
SamCreateUserInDomain
SamiChangePasswordUser
SamQueryInformationAlias
SamQueryInformationUser
SamChangePasswordUser2

Sections

.text
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.JR
Size: 4KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sZYz
Size: 107KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bgLx
Size: 1KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.J
Size: 3KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mA
Size: 109KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce5b135f5dcc85fe141a8296a1a015ef

Headers

File Characteristics

Imports

mfc42u

msvcrt

atl

kernel32

user32

advapi32

oleaut32

ole32

gdi32

shell32

shlwapi

samlib

Sections

.text Size: 11KB - Virtual size: 12KB

.JR Size: 4KB - Virtual size: 364KB

.sZYz Size: 107KB - Virtual size: 187KB

.bgLx Size: 1KB - Virtual size: 246KB

.rdata Size: 3KB - Virtual size: 8KB

.J Size: 3KB - Virtual size: 255KB

.data Size: 6KB - Virtual size: 9KB

.mA Size: 109KB - Virtual size: 138KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 11KB - Virtual size: 12KB

.JR
Size: 4KB - Virtual size: 364KB

.sZYz
Size: 107KB - Virtual size: 187KB

.bgLx
Size: 1KB - Virtual size: 246KB

.rdata
Size: 3KB - Virtual size: 8KB

.J
Size: 3KB - Virtual size: 255KB

.data
Size: 6KB - Virtual size: 9KB

.mA
Size: 109KB - Virtual size: 138KB

.rsrc
Size: 9KB - Virtual size: 8KB