RapportMgmtService.pdb
Static task
static1
Behavioral task
behavioral1
Sample
785749a2c18717cb83ffd5616dfe1fcd.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
785749a2c18717cb83ffd5616dfe1fcd.exe
Resource
win10v2004-20231215-en
General
-
Target
785749a2c18717cb83ffd5616dfe1fcd
-
Size
849KB
-
MD5
785749a2c18717cb83ffd5616dfe1fcd
-
SHA1
30d3e42237b65c979748cee18488e1412d66de4a
-
SHA256
1f74287fb4c781f9acf3b58644e7ae210f1f77c798e02447ef123a49f4aba335
-
SHA512
099b25560f186a448d79cdbfd26252d6ed9c23c376648fc3be22c470c1b2ed4a7f41517e5ab3176d1b2991bc52e91f335d2e295a6ccd7e761cd557d0ccbfa958
-
SSDEEP
12288:6bKDrTumZXIMV/xX5B8DeHNl7SsOt+UE2vPN99P/o+xuqn6Bb:GKDvucYOh/zEsOvJHN99Pw8u+6R
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 785749a2c18717cb83ffd5616dfe1fcd
Files
-
785749a2c18717cb83ffd5616dfe1fcd.exe windows:5 windows x86 arch:x86
cea5d98427b31204637987a5f8e16b96
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
rapportutil
0037
023e
0341
01cb
0413
029c
0206
0228
026e
021c
0224
0221
025e
00b1
0082
00c4
0065
0006
0138
01a8
0182
0183
020a
020c
0173
0174
0270
0246
02a1
00b4
01b6
02ea
0472
046f
0167
028f
0424
01ec
0444
034d
035e
02fc
02b3
01ac
0303
0227
035c
01df
0090
0096
0160
001f
002c
016e
00af
005a
01c4
041b
01c0
01bf
041c
029a
02c6
0300
01e8
0097
01e4
010b
002d
02d9
01f0
001a
008e
0268
02a5
023a
0239
0358
0094
0093
011c
0190
0146
011a
0223
0324
01be
01f6
022b
0414
0468
0465
0466
0335
0320
0332
0331
019d
0330
032e
0328
0308
0315
031c
0327
0326
0251
01bd
043a
031b
0161
02de
01f5
0241
01db
021b
0336
0333
0319
003d
0249
025b
025c
0323
01ee
0294
0429
0445
025d
0247
01f7
01cc
0422
0210
017b
0084
0230
0280
018e
0185
019a
00ae
0057
0248
02e5
02e6
031f
0318
031a
024d
01de
01a2
0209
02c8
0352
0208
02e7
02cf
0212
015f
01e6
016b
018f
01d1
042c
032b
01ed
0216
0197
0217
0487
0488
0038
009b
022c
000d
02cb
0086
003a
0172
009c
011b
02f5
0050
00a9
02b7
wtsapi32
WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
advapi32
CryptGenRandom
OpenProcessToken
DuplicateTokenEx
GetLengthSid
SetTokenInformation
CreateProcessAsUserA
ConvertStringSidToSidW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetServiceStatus
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
RegDeleteKeyW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
CryptEncrypt
CryptAcquireContextW
CryptGenKey
CryptReleaseContext
CryptImportKey
CryptExportKey
CryptDestroyKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
AllocateAndInitializeSid
EqualSid
FreeSid
ConvertSidToStringSidA
kernel32
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetProcessHeap
lstrcatW
lstrcpyW
FileTimeToLocalFileTime
OpenEventA
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
Sleep
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetTickCount
CreateThread
CloseHandle
ProcessIdToSessionId
TerminateProcess
OpenProcess
GetModuleFileNameA
GetProcessTimes
GetExitCodeProcess
GetCurrentProcessId
GetModuleHandleW
GetCurrentThreadId
InterlockedCompareExchange
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcess
GetProcAddress
GetModuleHandleA
QueryPerformanceFrequency
SetLastError
GetFileAttributesW
InterlockedExchange
GetSystemTime
OutputDebugStringA
GetCurrentThread
SleepEx
LoadLibraryA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Module32NextW
Module32FirstW
CreateProcessA
FreeLibrary
DeleteFileA
GetProcessId
CreateFileA
TlsGetValue
TlsAlloc
GetModuleFileNameW
VirtualQuery
RtlCaptureContext
GetSystemInfo
LocalFree
QueryDosDeviceA
LoadLibraryExA
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
MoveFileW
CopyFileW
CreateDirectoryW
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
FindNextFileA
FindFirstFileA
CompareFileTime
FlushInstructionCache
VirtualProtect
InterlockedExchangeAdd
SetEvent
WaitForMultipleObjects
ResetEvent
SetWaitableTimer
CancelWaitableTimer
CreateEventW
CreateWaitableTimerW
DeviceIoControl
CreateFileW
ReadFile
GetSystemDirectoryA
GetWindowsDirectoryA
GetShortPathNameW
GetSystemTimeAsFileTime
lstrlenA
GetVolumeInformationA
FileTimeToSystemTime
CreateProcessW
GetFileAttributesA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
IsWow64Process
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
GetFullPathNameW
lstrlenW
user32
MessageBoxA
GetKeyboardLayoutList
wsprintfW
shell32
SHGetFolderPathW
SHGetFolderPathA
ole32
CoSetProxyBlanket
CoCreateInstance
OleRun
CoUninitialize
CoInitializeEx
oleaut32
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantInit
SysStringLen
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
GetErrorInfo
msvcp80
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?freeze@strstreambuf@std@@QAEX_N@Z
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0strstreambuf@std@@QAE@H@Z
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1strstreambuf@std@@UAE@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
msvcr80
wcsncat_s
swscanf_s
qsort
_except_handler3
exit
fprintf
_filelength
fread
feof
fflush
ceil
??_V@YAXPAX@Z
strcat_s
vsprintf_s
_gmtime64_s
wcsspn
_strlwr_s
wcschr
_wmakepath_s
_wsplitpath_s
_wcsnicmp
ftell
fseek
ferror
rand
srand
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_vsnprintf
?terminate@@YAXXZ
_crt_debugger_hook
getenv_s
_fileno
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
__CxxFrameHandler3
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
??0exception@std@@QAE@XZ
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??2@YAPAXI@Z
memmove_s
memcpy_s
__RTDynamicCast
strrchr
atol
_wcsicmp
atoi
_snprintf_s
strcpy_s
memset
_localtime64_s
_time64
strftime
_itoa_s
_atoi64
strstr
free
_strdup
malloc
strncpy
strchr
strncpy_s
_get_errno
_errno
memcpy
strtok_s
isspace
fclose
_tzset
printf
_vsnprintf_s
tolower
calloc
fwrite
toupper
sscanf_s
_stricmp
wcscat_s
wcsstr
wcscpy_s
wcsncpy_s
__iob_func
strncat_s
swprintf_s
wcsrchr
_snwprintf_s
sprintf_s
_waccess
_wfullpath
_wstat64i32
_wfopen
_wfopen_s
_set_errno
_wchmod
version
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoW
VerQueryValueW
shlwapi
SHDeleteKeyW
PathAppendA
AssocQueryStringA
psapi
GetModuleInformation
EnumProcesses
GetModuleFileNameExA
wininet
InternetSetOptionW
InternetSetOptionA
HttpQueryInfoW
InternetCloseHandle
InternetCrackUrlA
InternetReadFileExA
HttpQueryInfoA
InternetSetStatusCallbackA
HttpSendRequestA
HttpOpenRequestA
InternetOpenA
InternetGetConnectedState
InternetConnectA
wsock32
ioctlsocket
WSAStartup
WSACleanup
ntohl
gethostname
gethostbyname
inet_addr
WSAGetLastError
htons
htonl
Sections
.text Size: 536KB - Virtual size: 532KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tsotext Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 204KB - Virtual size: 201KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tsodef Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tsodata Size: 4KB - Virtual size: 62B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pgsig Size: 4KB - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tsocons Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ