RekSpacer73exe[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

RekSpacer73exe.exe
Size

1.1MB
MD5

9ccd19239b84d79befc755a8de17defc
SHA1

f68b60967def51523f37ab5019aa99592515db04
SHA256

c780abf86f16f5566261d91132d14f32051a755dd3b96d52edcb612a6a403229
SHA512

11ac48825621bce913a534580aa33916f9e5cbe83d3b7425577c7126633beae0065d9a17221edf1cd85b8c8d8a96a4b67f14a8b894b76d850ca5a1cb9203437a
SSDEEP

12288:WkauHfOa9BhEVOcbEVjg4QqHzWTg3R0YoxZOcvFyKCBy5KDicoKv:WkB/prhsOcbsHSTgB0lxYcpCBy5uL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RekSpacer73exe.exe

Files

RekSpacer73exe.exe
.exe windows x86

f8a0483e7136d1985ce6b592fa4cb7d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_XcptFilter
exit
_acmdln
__getmainargs
_initterm
_exit
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_except_handler3
_controlfp

mpr

WNetCloseEnum

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

EnterCriticalSection
InitializeCriticalSection
GetCommandLineA
GetCPInfo
IsValidCodePage
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcmpA
CompareStringA
CreateDirectoryA
CreateEventA
CreateFileA
CreateMutexA
CreateThread
DeleteCriticalSection
EnumCalendarInfoA
ExitThread
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetDateFormatA
GetDiskFreeSpaceA
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocaleInfoA
GetTickCount
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetSystemInfo
GetSystemTime
GetThreadLocale
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
lstrcpyA
lstrcpynA
lstrlenA
MulDiv
MultiByteToWideChar
QueryPerformanceFrequency
RaiseException
ReadFile
ResetEvent
ResumeThread
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
ExitProcess
LeaveCriticalSection
LoadLibraryA
GetLocalTime

user32

EndPaint
EnumClipboardFormats
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetCaretPos
GetClassInfoA
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDCEx
GetDesktopWindow
GetDlgItem
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
EndDeferWindowPos
GetKeyState
GetLastActivePopup
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessageTime
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsCharAlphaA
IsCharAlphaNumericA
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindowEx
SendMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetKeyboardState
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowsHookExA
SetWindowTextA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassA
UpdateWindow
ValidateRect
WaitMessage
WindowFromPoint
WinHelpA
AdjustWindowRectEx
BeginDeferWindowPos
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharUpperBuffA
CheckMenuItem
ClientToScreen
CloseClipboard
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawMenuBar
DrawTextA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
GetKeyNameTextA

winspool.drv

SetPortA
XcvDataW
SetFormW
SetFormA
PrinterMessageBoxW
PrinterMessageBoxA
WaitForPrinterChange
SetPrinterDataExW
SetPrinterDataExA
SetPrinterDataW
DocumentPropertiesW
PrinterProperties
ScheduleJob
ReadPrinter
SetPortW
StartPagePrinter
StartDocPrinterW
StartDocPrinterA
GetPrinterDriverDirectoryW
GetPrinterDriverDirectoryA
GetPrinterDriverW
GetPrinterDriverA
GetPrinterW
SetPrinterW
SetPrinterA
SetJobW
SetJobA
ResetPrinterW
ResetPrinterA
OpenPrinterW
OpenPrinterA
EnumPrintersW
WritePrinter

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegisterServiceCtrlHandlerA
RegisterServiceCtrlHandlerW
ReportEventA
ReportEventW
RevertToSelf
SetAclInformation
SetFileSecurityA
SetFileSecurityW
SetKernelObjectSecurity
SetPrivateObjectSecurity
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorSacl
SetServiceObjectSecurity
SetServiceStatus
SetThreadToken
SetTokenInformation
StartServiceA
StartServiceW
StartServiceCtrlDispatcherW
StartServiceCtrlDispatcherA

oleaut32

VariantInit
VariantCopyInd
VariantClear
VariantChangeTypeEx
SysReAllocStringLen
SysFreeString
SysAllocStringLen
SafeArrayRedim
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement

Sections

.text
Size: 444KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rek73
Size: 599KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f8a0483e7136d1985ce6b592fa4cb7d7

Headers

File Characteristics

Imports

msvcrt

mpr

version

kernel32

user32

winspool.drv

comdlg32

advapi32

oleaut32

Sections

.text Size: 444KB - Virtual size: 440KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 14.0MB

.tls Size: 4KB - Virtual size: 20B

.rsrc Size: 32KB - Virtual size: 32KB

.rek73 Size: 599KB - Virtual size: 600KB

.text
Size: 444KB - Virtual size: 440KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 14.0MB

.tls
Size: 4KB - Virtual size: 20B

.rsrc
Size: 32KB - Virtual size: 32KB

.rek73
Size: 599KB - Virtual size: 600KB