e90ed685b8f3723b0987eec9b362e804fe5339a1d99fec50428eb08893dbc23b

Sharing

Copy URL Twitter E-mail

General

Target

e90ed685b8f3723b0987eec9b362e804fe5339a1d99fec50428eb08893dbc23b
Size

11KB
MD5

4ae148c24d8758a35adc363eaffb4c57
SHA1

caeca4d830fff4554c24e74a0fe7766c4498a225
SHA256

e90ed685b8f3723b0987eec9b362e804fe5339a1d99fec50428eb08893dbc23b
SHA512

2d9b92fcf935d2c5caf6d2df8d438205134b2187cd343c5d50b40d75d8b553b2d22082a841962465b5e39d6e13c2a4b582c350bdad6b770b75f3f63bc6b008cb
SSDEEP

192:nBkIRWNJlN/bRe9NF9Nh0ABwKUiuOXJET0hId:BbWflJRe9H94ABHUiuOXJET0G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e90ed685b8f3723b0987eec9b362e804fe5339a1d99fec50428eb08893dbc23b

Files

e90ed685b8f3723b0987eec9b362e804fe5339a1d99fec50428eb08893dbc23b
.exe windows x86

f170f991bac0a0a7c771ae1026569a57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtl100.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@RegisterModule$qqrp17System@TLibModule
@System@@LStrToPChar$qqrx17System@AnsiString
@System@@LStrAddRef$qqrpv
@System@@LStrCmp$qqrv
@System@@LStrCat3$qqrv
@System@@LStrCat$qqrv
@System@@LStrLen$qqrx17System@AnsiString
@System@@LStrFromString$qqrr17System@AnsiStringrx28System@%SmallString$iuc$255%
@System@@LStrFromChar$qqrr17System@AnsiStringc
@System@@LStrAsg$qqrpvpxv
@System@@LStrArrayClr$qqrpvi
@System@@LStrClr$qqrpv
@System@@Halt0$qqrv
@System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule
@System@@HandleFinally$qqrv
@System@@PStrCpy$qqrp28System@%SmallString$iuc$255%t1
@System@@PStrNCat$qqrv
@System@ParamStr$qqri
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@ExtractFileDir$qqrx17System@AnsiString
@Sysutils@StrToInt64Def$qqrx17System@AnsiStringxj
@Sysutils@StrToIntDef$qqrx17System@AnsiStringi
@Sysutils@LowerCase$qqrx17System@AnsiString

kernel32

GetModuleHandleA
SetFileAttributesA
LoadLibraryA
GetProcAddress
GetFileAttributesA
GetCurrentProcess
FreeLibrary
CloseHandle

user32

SendMessageA

advapi32

RegSaveKeyA
RegReplaceKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 36B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f170f991bac0a0a7c771ae1026569a57

Headers

File Characteristics

Imports

rtl100.bpl

kernel32

user32

advapi32

Sections

.text Size: 1KB - Virtual size: 1KB

.itext Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 28B

.bss Size: - Virtual size: 36B

.idata Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 256B

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 1KB - Virtual size: 1KB

.itext
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 28B

.bss
Size: - Virtual size: 36B

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 256B

.rsrc
Size: 4KB - Virtual size: 4KB