6c61ac235b90b7b501aacc955148416c

Sharing

Copy URL Twitter E-mail

General

Target

6c61ac235b90b7b501aacc955148416c
Size

19KB
MD5

6c61ac235b90b7b501aacc955148416c
SHA1

6d6925b551fdc8867436541a2442ab44568c6046
SHA256

3f27b31623c17ff92f67ad533ffbf84545f4c81278c5f0b3551db08a257c2c6a
SHA512

bc371dfb505b287dcfa064236aac3c72dacdd6fb8eb63fc679290f38e246cb282fee09ed8173861efbf1a25eff7df5012ffb65cde8dd195980b871166b8cb108
SSDEEP

384:aWrbQhOzBEmXd1byPHRRKyz49l9Bca2Akor7XC7:hrdKmtEZRRE9Bca/K7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c61ac235b90b7b501aacc955148416c

Files

6c61ac235b90b7b501aacc955148416c
.exe windows:4 windows x86 arch:x86

ae8ba02c503390040ce5b4933e355ee7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtl100.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@RegisterModule$qqrp17System@TLibModule
@System@@LStrToPChar$qqrx17System@AnsiString
@System@@LStrAddRef$qqrpv
@System@@LStrCmp$qqrv
@System@@LStrCatN$qqrv
@System@@LStrCat3$qqrv
@System@@LStrCat$qqrv
@System@@LStrFromArray$qqrr17System@AnsiStringpci
@System@@LStrFromPCharLen$qqrr17System@AnsiStringpci
@System@@LStrLAsg$qqrpvpxv
@System@@LStrAsg$qqrpvpxv
@System@@LStrArrayClr$qqrpvi
@System@@LStrClr$qqrpv
@System@@Halt0$qqrv
@System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule
@System@@TryFinallyExit$qqrv
@System@@DoneExcept$qqrv
@System@@HandleFinally$qqrv
@System@@HandleAnyException$qqrv
@System@TObject@Dispatch$qqrpv
@System@TObject@DefaultHandler$qqrpv
@System@TObject@Free$qqrv
@System@TObject@$bctr$qqrv
@System@TObject@FreeInstance$qqrv
@System@TObject@NewInstance$qqrp17System@TMetaClass
@System@@FillChar$qqrpvic
@System@@FreeMem$qqrpv
@System@AllocMem$qqrui
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TDataModule@ReadState$qqrp15Classes@TReader
@Classes@TDataModule@DefineProperties$qqrp14Classes@TFiler
@Classes@TDataModule@DoDestroy$qqrv
@Classes@TDataModule@DoCreate$qqrv
@Classes@TDataModule@BeforeDestruction$qqrv
@Classes@TDataModule@AfterConstruction$qqrv
@Classes@TDataModule@$bctr$qqrp18Classes@TComponent
@Classes@TComponent@QueryInterface$qqsrx5_GUIDpv
@Classes@TComponent@UpdateRegistry$qqrp17System@TMetaClassox17System@AnsiStringt3
@Classes@TComponent@SafeCallException$qqrp14System@TObjectpv
@Classes@TComponent@SetName$qqrx17System@AnsiString
@Classes@TComponent@ValidateRename$qqrp18Classes@TComponentx17System@AnsiStringt2
@Classes@TComponent@WriteState$qqrp15Classes@TWriter
@Classes@TComponent@Loaded$qqrv
@Classes@TComponent@Notification$qqrp18Classes@TComponent18Classes@TOperation
@Classes@TPersistent@AssignTo$qqrp19Classes@TPersistent
@Classes@TPersistent@Assign$qqrp19Classes@TPersistent
@Classes@TStringList@
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@StrLen$qqrpxc
@Sysutils@ExtractFilePath$qqrx17System@AnsiString
@Sysutils@FileExists$qqrx17System@AnsiString
@Sysutils@IntToStr$qqri
@Sysutils@Trim$qqrx17System@AnsiString
@Sysutils@CompareText$qqrx17System@AnsiStringt1
@Sysutils@LowerCase$qqrx17System@AnsiString
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Uxtheme@initialization$qqrv
@Uxtheme@Finalization$qqrv
@Dwmapi@initialization$qqrv
@Dwmapi@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv

kernel32

GetModuleHandleA
TerminateProcess
OpenProcess
GetProcAddress
GetModuleHandleA
FreeLibrary
CloseHandle
Sleep
ProcessIdToSessionId
WTSGetActiveConsoleSessionId

vcl100.bpl

@Svcmgr@initialization$qqrv
@Svcmgr@Finalization$qqrv
@Svcmgr@TService@DoCustomControl$qqrui
@Svcmgr@TService@DoShutdown$qqrv
@Svcmgr@TService@DoInterrogate$qqrv
@Svcmgr@TService@DoContinue$qqrv
@Svcmgr@TService@DoPause$qqrv
@Svcmgr@TService@DoStop$qqrv
@Svcmgr@TService@DoStart$qqrv
@Svcmgr@TService@Controller$qqrui
@Svcmgr@TService@GetTerminated$qqrv
@Svcmgr@TService@$bdtr$qqrv
@Svcmgr@TService@$bctr$qqrp18Classes@TComponenti
@Svcmgr@TServiceThread@ProcessRequests$qqro
@Svcmgr@Application
@$xp$15Svcmgr@TService
@Svcmgr@TService@
@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Forms@TApplication@GetExeName$qqrv
@Forms@TApplication@ProcessMessages$qqrv
@Forms@Application
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Themes@initialization$qqrv
@Themes@Finalization$qqrv
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Graphutil@initialization$qqrv
@Graphutil@Finalization$qqrv
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv

advapi32

SetTokenInformation
OpenProcessToken
LookupPrivilegeValueA
LookupAccountSidA
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserA
AdjustTokenPrivileges

userenv

CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 88B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae8ba02c503390040ce5b4933e355ee7

Headers

File Characteristics

Imports

rtl100.bpl

kernel32

vcl100.bpl

advapi32

userenv

wtsapi32

Sections

.text Size: 7KB - Virtual size: 6KB

.itext Size: 512B - Virtual size: 348B

.data Size: 512B - Virtual size: 72B

.bss Size: - Virtual size: 88B

.idata Size: 7KB - Virtual size: 7KB

.reloc Size: 1024B - Virtual size: 788B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.itext
Size: 512B - Virtual size: 348B

.data
Size: 512B - Virtual size: 72B

.bss
Size: - Virtual size: 88B

.idata
Size: 7KB - Virtual size: 7KB

.reloc
Size: 1024B - Virtual size: 788B

.rsrc
Size: 1KB - Virtual size: 1KB