c3912b12ae21894649212e1ce0e886e3b82584d2f30683055eaeb6ff644905c0

Sharing

Copy URL Twitter E-mail

General

Target

c3912b12ae21894649212e1ce0e886e3b82584d2f30683055eaeb6ff644905c0
Size

190KB
MD5

c4c7e6f8c161fbfb53c24acc114f5053
SHA1

1cf35847a2b211272d945e1a57eeb814e766fb66
SHA256

c3912b12ae21894649212e1ce0e886e3b82584d2f30683055eaeb6ff644905c0
SHA512

055eb6c59480acda3819ee2b3a2eec462da20ec3fd30db8bc5265bb0d206529749c764b03788b3547999ea8d8d7cbc4cb55f5375e92adf14df7251c1f807a2f8
SSDEEP

3072:0tB/yL7nxjp+Zt7ai2Nl0aLVbQmcL/MGRQ46btPrUUx6OF:0B/yL7xYZAi270aR5PL5D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3912b12ae21894649212e1ce0e886e3b82584d2f30683055eaeb6ff644905c0

Files

c3912b12ae21894649212e1ce0e886e3b82584d2f30683055eaeb6ff644905c0
.dll windows x86

6f8979c471c18d9381a90bde3034a893

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

borlndmm

ord2

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetThreadLocale
GetVersion
GetVersionExA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetEndOfFile
SetEvent
SetFilePointer
Sleep
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

user32

CharNextA
GetKeyboardType
GetSystemMetrics
LoadStringA
MessageBoxA

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

cc3260mt

@$bdele$qpv
@_InitTermAndUnexPtrs$qv
__ErrorExit
__ErrorMessage
___CRTL_MEM_GetBorMemPtrs
___CRTL_MEM_UseBorMM
___CRTL_TLS_Alloc
___CRTL_TLS_ExitThread
___CRTL_TLS_Free
___CRTL_TLS_GetValue
___CRTL_TLS_InitThread
___CRTL_TLS_SetValue
____ExceptionHandler
__argv_default_expand
__free_heaps
__handle_exitargv
__handle_setargv
__handle_wexitargv
__handle_wsetargv
__startupd
__wargv_default_expand
_memcpy

Exports

Exports

@@Plccmdtest@Finalize
@@Plccmdtest@Initialize
PLC_CmdTest
___CPPdebugHook

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f8979c471c18d9381a90bde3034a893

Headers

File Characteristics

Imports

borlndmm

advapi32

kernel32

user32

oleaut32

cc3260mt

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 168KB

.data Size: 3KB - Virtual size: 8KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 8KB

.reloc Size: 9KB - Virtual size: 12KB

.text
Size: 168KB - Virtual size: 168KB

.data
Size: 3KB - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 8KB

.reloc
Size: 9KB - Virtual size: 12KB