692e76f2b3d1d7d501c6a1f832aa4ca020a6a50178d753a3bd2f70fb5c08c85e

Sharing

Copy URL Twitter E-mail

General

Target

692e76f2b3d1d7d501c6a1f832aa4ca020a6a50178d753a3bd2f70fb5c08c85e
Size

24KB
MD5

bff8457bc74366a7b35a4131fced8cdb
SHA1

6c85d3347295fb8c0eec96b5b62305bd099aa2a7
SHA256

692e76f2b3d1d7d501c6a1f832aa4ca020a6a50178d753a3bd2f70fb5c08c85e
SHA512

51255be6f139de8b2f47f9158ce045ff515476b5d2029fbf66ce6df680dd3d523ae7547342e9723a1b8f1e047558a42bb545186c29d8b916c08a93e9f6df1a23
SSDEEP

384:reg1yr1x0a0rEckLUTPy80EY8kQJ/24PohID:reg1GqEA0EYkJOY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
692e76f2b3d1d7d501c6a1f832aa4ca020a6a50178d753a3bd2f70fb5c08c85e

Files

692e76f2b3d1d7d501c6a1f832aa4ca020a6a50178d753a3bd2f70fb5c08c85e
.dll windows x86

4e4ae8bb354f0cfd24cef892f0ea1ea5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rtl60.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@UnregisterModule$qqrp17System@TLibModule
@System@RegisterModule$qqrp17System@TLibModule
@System@FindHInstance$qqrpv
@System@@VarClear$qqrr14System@Variant
@System@@WStrFromPWChar$qqrr17System@WideStringpb
@System@@WStrClr$qqrpv
@System@@LStrSetLength$qqrv
@System@@LStrPos$qqrv
@System@@LStrCmp$qqrv
@System@@LStrCat3$qqrv
@System@@LStrCat$qqrv
@System@@LStrFromWStr$qqrr17System@AnsiStringx17System@WideString
@System@@LStrFromPChar$qqrr17System@AnsiStringpc
@System@@LStrAsg$qqrpvpxv
@System@@LStrClr$qqrpv
@System@@HandleFinally$qqrv
@System@IsMemoryManagerSet$qqrv
@System@SetMemoryManager$qqrrx21System@TMemoryManager
@System@IsMultiThread
@System@IsConsole
@System@ExitProc
@System@CmdLine
@System@IsLibrary
@System@MainInstance
@Types@initialization$qqrv
@Types@Finalization$qqrv
@Sysconst@initialization$qqrv
@Sysconst@Finalization$qqrv
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Rtlconsts@initialization$qqrv
@Rtlconsts@Finalization$qqrv
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Typinfo@DotSep
@Typinfo@BooleanIdents
@Activex@initialization$qqrv
@Activex@Finalization$qqrv
@Comconst@initialization$qqrv
@Comconst@Finalization$qqrv
@Comobj@initialization$qqrv
@Comobj@Finalization$qqrv
@Imagehlp@initialization$qqrv
@Imagehlp@Finalization$qqrv

borlndmm

ord2

imagehlp

ImageDirectoryEntryToData

kernel32

CreateToolhelp32Snapshot
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetVersion
HeapAlloc
HeapFree
LoadLibraryA
Module32First
Module32Next
VirtualQuery
WriteProcessMemory
lstrcmpiA

gdi32

ExtTextOutA
TextOutA
TextOutW

user32

CallNextHookEx
FindWindowA
FindWindowExA
GetScrollInfo
InvalidateRect
SendMessageA
SetActiveWindow
SetForegroundWindow
SetWindowPos
SetWindowsHookExA
UnhookWindowsHookEx
UpdateWindow

cc3260mt

@$bdele$qpv
@_InitTermAndUnexPtrs$qv
__ErrorExit
__ErrorMessage
___CRTL_MEM_GetBorMemPtrs
___CRTL_MEM_UseBorMM
___CRTL_TLS_Alloc
___CRTL_TLS_ExitThread
___CRTL_TLS_Free
___CRTL_TLS_GetValue
___CRTL_TLS_InitThread
___CRTL_TLS_SetValue
____ExceptionHandler
__argv_default_expand
__free_heaps
__handle_exitargv
__handle_setargv
__handle_wexitargv
__handle_wsetargv
__startupd
__wargv_default_expand
_memcpy
_vsnprintf

Exports

Exports

GetMoraData
InstallHook
SetWindowHandle
UninstallHook
___CPPdebugHook

Sections

.text
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHSEG
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e4ae8bb354f0cfd24cef892f0ea1ea5

Headers

File Characteristics

Imports

rtl60.bpl

borlndmm

imagehlp

kernel32

gdi32

user32

cc3260mt

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

SHSEG Size: 1024B - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

SHSEG
Size: 1024B - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB