RejSpacer72[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

RejSpacer72.exe
Size

1.1MB
MD5

bd481fbe21d690f2e15243f233fe1f92
SHA1

afd3b8d8c9e75b748d759e7fa73d5a1470e08a13
SHA256

cb6f91dc0ef15705a4449ece2ee7324c9e24a75dbf852651d095179dcaf2739b
SHA512

8a4790612726cf81ea5b22bec9a18f29cf89c2afa8b8682ce53bcce54aaf112db3e3d219aa6d5996b1ef79269ec5946210c67eba4fc12932b993b90839dfbc41
SSDEEP

24576:QhIpFgNyp/e06M4Vn5JL/OJoHG87aq9lWVJ:kwvN4V5J3J2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RejSpacer72.exe

Files

RejSpacer72.exe
.exe windows x86

3f2006d9b17c723390231c41f4f937e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_XcptFilter
exit
_acmdln
__getmainargs
_initterm
_exit
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__setusermatherr
_except_handler3

mpr

WNetCloseEnum

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

InitializeCriticalSection
GetCommandLineA
GetCPInfo
IsValidCodePage
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcmpA
CloseHandle
CompareStringA
CreateDirectoryA
CreateEventA
CreateFileA
CreateMutexA
CreateThread
DeleteCriticalSection
EnumCalendarInfoA
ExitThread
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetDateFormatA
GetDiskFreeSpaceA
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocaleInfoA
EnterCriticalSection
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetSystemInfo
GetSystemTime
GetThreadLocale
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
lstrcpyA
lstrcpynA
lstrlenA
MulDiv
MultiByteToWideChar
QueryPerformanceFrequency
RaiseException
ReadFile
ResetEvent
ResumeThread
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
GetTickCount
ExitProcess
LeaveCriticalSection
LoadLibraryA
GetLocalTime

user32

EnumClipboardFormats
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetCaretPos
GetClassInfoA
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDCEx
GetDesktopWindow
GetDlgItem
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetKeyNameTextA
GetKeyState
EndPaint
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessageTime
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsCharAlphaA
IsCharAlphaNumericA
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindowEx
SendMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetKeyboardState
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowsHookExA
SetWindowTextA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassA
UpdateWindow
ValidateRect
WaitMessage
WindowFromPoint
WinHelpA
ActivateKeyboardLayout
AdjustWindowRectEx
BeginDeferWindowPos
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharUpperBuffA
CheckMenuItem
ClientToScreen
CloseClipboard
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
GetLastActivePopup

winspool.drv

SetPortA
XcvDataW
SetFormW
SetFormA
ClosePrinter
PrinterMessageBoxW
PrinterMessageBoxA
WaitForPrinterChange
SetPrinterDataExW
SetPrinterDataExA
SetPortW
DocumentPropertiesW
PrinterProperties
ScheduleJob
ReadPrinter
WritePrinter
StartPagePrinter
StartDocPrinterW
StartDocPrinterA
GetPrinterDriverDirectoryW
GetPrinterDriverDirectoryA
GetPrinterDriverW
GetPrinterDriverA
SetPrinterDataW
GetPrinterW
SetPrinterW
SetPrinterA
SetJobW
SetJobA
ResetPrinterW
ResetPrinterA
OpenPrinterW
OpenPrinterA
EnumPrintersW

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

GetOldestEventLogRecord
RegisterServiceCtrlHandlerA
RegisterServiceCtrlHandlerW
ReportEventA
ReportEventW
RevertToSelf
SetAclInformation
SetFileSecurityA
SetFileSecurityW
SetKernelObjectSecurity
SetPrivateObjectSecurity
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorSacl
SetServiceObjectSecurity
SetServiceStatus
SetThreadToken
SetTokenInformation
StartServiceW
StartServiceCtrlDispatcherW
StartServiceCtrlDispatcherA
StartServiceA

ole32

OleFlushClipboard

oleaut32

VariantInit
VariantCopyInd
VariantClear
VariantChangeTypeEx
SysReAllocStringLen
SysFreeString
SysAllocStringLen
SafeArrayRedim
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex

Sections

.text
Size: 444KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 19B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rej72
Size: 599KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3f2006d9b17c723390231c41f4f937e2

Headers

File Characteristics

Imports

msvcrt

mpr

version

kernel32

user32

winspool.drv

comdlg32

advapi32

ole32

oleaut32

Sections

.text Size: 444KB - Virtual size: 440KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 14.0MB

.tls Size: 4KB - Virtual size: 19B

.rsrc Size: 52KB - Virtual size: 52KB

.rej72 Size: 599KB - Virtual size: 600KB

.text
Size: 444KB - Virtual size: 440KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 14.0MB

.tls
Size: 4KB - Virtual size: 19B

.rsrc
Size: 52KB - Virtual size: 52KB

.rej72
Size: 599KB - Virtual size: 600KB