$R0NBPOI[.]EXE[.]zip

General

Target

$R0NBPOI.EXE.zip
Size

248KB
MD5

048905e0421dc530b8f5ab734a1ed691
SHA1

884ac77f827d96981d43d21f1258dae01867c40a
SHA256

5771b4fda45144e54644ac13e4380126b00f2a85ee5049aaf1770e0dca0d696e
SHA512

e677bdcb5b8392ecd76daefeb2fd72d6198437bf4f0b760c0bbafeb944ab83c7cd168efa2e51d6b100ce5c3db26acf9cd1b4de6d865ed4dafb567792be8f093e
SSDEEP

6144:cISjhM/4ETNaGmtMdUgbbH/nmSw7euzjg/qe:cnhSzTNaGJdUwz/ncjo/F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$R0NBPOI.EXE

Files

$R0NBPOI.EXE.zip
.zip

Password: infected
$R0NBPOI.EXE
.exe windows:4 windows x86

Password: infected

9be4a56b3b677b317fdd9d08b583bdc8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
GetLastError
LocalFree
FormatMessageA
LoadLibraryA
TerminateProcess
OpenProcess
CloseHandle
GetModuleHandleA
WriteFile
CreateProcessA
GetProcAddress
FreeLibrary
GetTempPathA
LockResource
LoadResource
SizeofResource
FindResourceA
FindFirstFileA
MoveFileExA
FindClose
DeleteFileA
WaitForSingleObject
lstrcmpiA
GetShortPathNameA
GetVersionExA
lstrcatA
lstrcpyA
lstrlenA
CreateFileA
MoveFileA
GetTempFileNameA
CopyFileA
GetWindowsDirectoryA
Sleep
MultiByteToWideChar
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
SetEndOfFile
ReadFile
GetStringTypeW
GetStringTypeA
ExitProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
GetModuleFileNameA
HeapDestroy
GetFileType
LCMapStringA
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
SetHandleCount
GetStdHandle
FlushFileBuffers
HeapCreate
VirtualFree
RtlUnwind
SetFilePointer
VirtualAlloc
SetStdHandle

user32

wsprintfA
MessageBoxA
LoadStringA

advapi32

CloseServiceHandle
QueryServiceStatus
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
OpenServiceA
RegSetValueExA
StartServiceA
OpenSCManagerA
ControlService

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

9be4a56b3b677b317fdd9d08b583bdc8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 11KB - Virtual size: 16KB

.rsrc Size: 259KB - Virtual size: 259KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 11KB - Virtual size: 16KB

.rsrc
Size: 259KB - Virtual size: 259KB