962ae16d9fd2e0d0fc2b3633c89eee25

Sharing

Copy URL

Twitter E-mail

General

Target

962ae16d9fd2e0d0fc2b3633c89eee25
Size

433KB
MD5

962ae16d9fd2e0d0fc2b3633c89eee25
SHA1

74efaf082b4df2b73a00e458253f7aa33c9e8692
SHA256

6392d9515392503372e9e8636366bd567de780428836a01980125221305bc466
SHA512

35817be7f6eadb72665f0eabfb4bc779008b18a6919648402b2f6cdaada54b5005bdda14e5e9dd95785ca450eb2e222b1ab93bd37fb4af28eaddbb90d0065f4e
SSDEEP

12288:0t17xaWO7nd0QoHjCZLP07m3oyTddf0ubjht3gtp:0t179CKNOb0HyTL8oVetp

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3135430758/BRCC32.EXE
unpack001/3135430758/ExeLock.EXE
unpack001/3135430758/PassDialog.EXE

Files

962ae16d9fd2e0d0fc2b3633c89eee25
.rar
3135430758/1.RC
3135430758/1.RES
3135430758/BRCC32.EXE
.exe windows:1 windows x86 arch:x86

682aa0be3cc15906910c8a553f58e038

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetCurrentThreadId
CreateFileA
CreateThread
GetVersionExA
DeleteFileA
DosDateTimeToFileTime
EnterCriticalSection
ExitProcess
InitializeCriticalSection
DeleteCriticalSection
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentThread
CloseHandle
GetDateFormatA
GetVolumeInformationA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeThread
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemInfo
GetThreadPriority
GetUserDefaultLangID
FileTimeToDosDateTime
CreateDirectoryA
FileTimeToLocalFileTime
GlobalMemoryStatus
GetDriveTypeA
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFileTimeToFileTime
LocalFree
MultiByteToWideChar
OutputDebugStringA
RaiseException
ReadFile
RemoveDirectoryA
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetEnvironmentVariableA
SetFilePointer
SetFileTime
SetHandleCount
SetThreadPriority
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
_lclose
_lopen
lstrcmpiA
lstrcpyA
lstrlenA
GetVersion

user32

OemToCharA
LoadStringA
GetSystemMetrics
EnumThreadWindows
CharUpperBuffA
CharUpperA
MessageBoxA
CharToOemA
CharLowerA

Exports

Exports

@EVENTMGRINIT$QUL
@RxCompileStatusImpl@BatchUpdateBegin$qqsv
@RxCompileStatusImpl@BatchUpdateEnd$qqsv
@RxCompileStatusImpl@ErrorOrWarning$qqs11RWErrorTypepxcll5RCERRt2ri
@RxCompileStatusImpl@SetCurrentSource$qqspxcri
@RxCompileStatusImpl@SetCurrentThing$qqspxct1ri
@RxCompileStatusImpl@SetLineNumbers$qqsllri
@RxCompileStatusImpl@TrackCurrentStatus$qqsi
@RxCompileStatusImpl@TrackingCurrentStatus$qqsri
__GetExceptDLLinfo
___CPPdebugHook

Sections

CODE
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 24KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3135430758/CleanUp.bat
3135430758/Compress_LH5.pas
3135430758/Dialog.dfm
3135430758/Dialog.pas
3135430758/Encrypt_Base64.pas
3135430758/ExeLock.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3135430758/ExeLock.cfg
3135430758/ExeLock.dof
3135430758/ExeLock.dpr
3135430758/ExeLock.res
3135430758/Func.pas
3135430758/Login.dfm
3135430758/Login.pas
3135430758/Main.ddp
3135430758/Main.dfm
3135430758/Main.pas
3135430758/PassDialog.EXE
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 115KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.locked
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3135430758/PassDialog.btl
3135430758/PassDialog.cfg
3135430758/PassDialog.dof
3135430758/PassDialog.dpr
3135430758/PassDialog.res
3135430758/Password.dfm
3135430758/Password.pas
3135430758/Preview.dfm
3135430758/Preview.pas
3135430758/ProjectGroup1.bpg
3135430758/RES/BLACK.ICO
3135430758/RES/BUZY.BMP
3135430758/RES/FILEDIR.BMP
3135430758/RES/FILELOCK.BMP
3135430758/RES/FILELOCK.GIF
.gif
3135430758/RES/FILELOCK.JPG
.jpg
3135430758/RES/FILEOPEN.BMP
3135430758/RES/Locked.ico
3135430758/RES/NONE.ICO
3135430758/RES/OK.BMP
3135430758/RES/PREVIEW.BMP
3135430758/RES/smalllock.BMP
3135430758/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

682aa0be3cc15906910c8a553f58e038

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

CODE Size: 110KB - Virtual size: 112KB

DATA Size: 24KB - Virtual size: 40KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 1024B - Virtual size: 4KB

.reloc Size: 7KB - Virtual size: 8KB

.rsrc Size: 17KB - Virtual size: 20KB

Headers

File Characteristics

Sections

CODE Size: 436KB - Virtual size: 435KB

DATA Size: 5KB - Virtual size: 5KB

BSS Size: - Virtual size: 6KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 33KB - Virtual size: 33KB

.rsrc Size: 164KB - Virtual size: 164KB

Headers

File Characteristics

Sections

CODE Size: 115KB - Virtual size: 264KB

DATA Size: 1KB - Virtual size: 4KB

BSS Size: - Virtual size: 8KB

.idata Size: 3KB - Virtual size: 8KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 20KB

.rsrc Size: 5KB - Virtual size: 16KB

.locked Size: 6KB - Virtual size: 8KB

.data Size: - Virtual size: 4KB

CODE
Size: 110KB - Virtual size: 112KB

DATA
Size: 24KB - Virtual size: 40KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 1024B - Virtual size: 4KB

.reloc
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 17KB - Virtual size: 20KB

CODE
Size: 436KB - Virtual size: 435KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 6KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 164KB - Virtual size: 164KB

CODE
Size: 115KB - Virtual size: 264KB

DATA
Size: 1KB - Virtual size: 4KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 3KB - Virtual size: 8KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 20KB

.rsrc
Size: 5KB - Virtual size: 16KB

.locked
Size: 6KB - Virtual size: 8KB

.data
Size: - Virtual size: 4KB