43a2809c267a22995b4750e1e3cc765649a03e2af7ff4af335bd43ca47987ff9

Sharing

Copy URL Twitter E-mail

General

Target

43a2809c267a22995b4750e1e3cc765649a03e2af7ff4af335bd43ca47987ff9
Size

328KB
MD5

7596b432965f2f12ce725202370720f0
SHA1

93a05d06f66968383bb796a020d240e273ff8838
SHA256

43a2809c267a22995b4750e1e3cc765649a03e2af7ff4af335bd43ca47987ff9
SHA512

b0f5ea1b895165dcdbf16a4596b5579ec60799b376e43fb02241ac64e6bb48ed5562ccc8e9e9a7d5b4870863fa9ee428622bf439f9854abed28e441c0958658a
SSDEEP

6144:YvvIDzt9o3pCjiSIW53Dgl8rEx+pMPQzNSdKhB8opv7UJfl9:SEzvo6ifA3Dgl8rExQMP2NSduPTUP9

Score

N/A

Malware Config

Signatures

Files

43a2809c267a22995b4750e1e3cc765649a03e2af7ff4af335bd43ca47987ff9
.exe windows x86

bf98fe93afce55416fc52a300acf7655

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rtk

RTKClientLocateMethodSet
RTKClientIllegibleSet
RTKClientLanguageSet
RTKClientLanguageGet
RTKClientDictUserSet
RTKClientDictUserGet
RTKClientExport
RTKPageRecognize
RTKPageLocate
RTKPageLocateCancel
RTKPageDeskew
RTKPageDeskewCancel
RTKPageAutoRotate
RTKPageProgressGet
RTKPageRecognizeCancel
RTKPageAutoRotateCancel
RTKClientPageInsert
RTKPageImageGet
RTKImageFileRead
RTKClientPageDelete
RTKClientPageTotalGet
RTKClientPageNLock
RTKClientLocateMethodGet
RTKClientPageNUnlock
RTKClientDestroy
RTKTerm
RTKInit
RTKAbout
RTKClientRecognizeMethodSet
RTKClientIllegibleGet
RTKClientLocatePicturesGet
RTKClientRecognizeMethodGet
RTKClientLocatePicturesSet
RTKClientCreate

kernel32

GetEnvironmentStringsW
HeapCreate
FlushFileBuffers
RaiseException
CompareStringW
SetEnvironmentVariableA
CompareStringA
CreateDirectoryA
SetStdHandle
WideCharToMultiByte
lstrlenW
OutputDebugStringA
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DebugBreak
InterlockedDecrement
MultiByteToWideChar
lstrlenA
RemoveDirectoryA
CreateThread
CloseHandle
DeleteFileA
ReadFile
GetFileSize
CreateFileA
GetTempFileNameA
GetTempPathA
GetSystemDefaultLCID
GetCurrentThreadId
FreeResource
GlobalFree
GlobalHandle
LockResource
LoadResource
FindResourceA
GlobalAlloc
GlobalUnlock
GlobalLock
FormatMessageA
lstrcpyA
lstrcmpA
FlushInstructionCache
GetCurrentProcess
SetEvent
WaitForSingleObject
CreateEventA
Sleep
lstrcmpiA
GetCommandLineA
HeapDestroy
InitializeCriticalSection
DeleteCriticalSection
GetShortPathNameA
GetModuleFileNameA
FreeLibrary
SizeofResource
GetLastError
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
GetProcAddress
LoadLibraryA
lstrcatA
LoadLibraryW
GetVersionExA
GetLocaleInfoA
GetFileAttributesA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
HeapSize
TerminateProcess
IsBadWritePtr
VirtualAlloc
VirtualFree
GetStringTypeA
LCMapStringW
ExitProcess
GetVersion
GetStartupInfoA
GetModuleHandleA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
LocalFree
SetFilePointer
LCMapStringA
IsBadCodePtr
GetStringTypeW
SetConsoleCtrlHandler
FreeEnvironmentStringsW
WriteFile
GetFileType
SetUnhandledExceptionFilter
SetHandleCount
IsBadReadPtr
GetStdHandle

user32

GetClassNameA
GetActiveWindow
MessageBoxA
GetMessageA
CharNextA
PostThreadMessageA
CharLowerA
GetKeyboardLayout
CreateWindowExA
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
wsprintfA
GetParent
GetDesktopWindow
RedrawWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
EndPaint
CallWindowProcA
GetFocus
IsChild
GetSysColor
GetWindowTextA
SetWindowLongA
GetWindow
GetDC
GetWindowLongA
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
CreateDialogIndirectParamA
PeekMessageA
IsDialogMessageA
DispatchMessageA
SetWindowTextA
SendMessageA
SystemParametersInfoA
GetWindowRect
MoveWindow
SetForegroundWindow
UpdateWindow
SetFocus
SetDlgItemTextA
GetDlgItem
DestroyWindow
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
LoadStringA
ReleaseDC
GetWindowTextLengthA
IsWindow

gdi32

DeleteDC
GetStockObject
GetObjectA
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA

ole32

OleUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
ProgIDFromCLSID
OleLockRunning
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
OleRun
OleInitialize
CreateStreamOnHGlobal
CoInitialize
CoGetInterfaceAndReleaseStream
CoUninitialize
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
StringFromCLSID
CoTaskMemFree

oleaut32

VariantCopy
LoadRegTypeLi
OleCreatePropertyFrame
OleCreateFontIndirect
SysAllocStringByteLen
VariantInit
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString
VariantChangeType
GetErrorInfo
LoadTypeLi
SysStringByteLen
DispCallFunc
RegisterTypeLi
VariantClear
CreateErrorInfo
SetErrorInfo
VarUI4FromStr

comctl32

ord17

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bf98fe93afce55416fc52a300acf7655

Headers

File Characteristics

Imports

rtk

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 76KB - Virtual size: 72KB

.rrdata Size: 76KB - Virtual size: 76KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 76KB - Virtual size: 72KB

.rrdata
Size: 76KB - Virtual size: 76KB