ab618c7206428c2877e9f9bef999424a

Sharing

Copy URL Twitter E-mail

General

Target

ab618c7206428c2877e9f9bef999424a
Size

700KB
MD5

ab618c7206428c2877e9f9bef999424a
SHA1

ef9fe60ca5d86f6f7564f5eb2b0be0f990751db2
SHA256

e740d2d9e6dd8baec0e2646aa5acc5067ebf15dcdc2e25e15b0a20d6ede70aba
SHA512

84b9ba5d9e7135823b81735e48959ef32757e550745c7f534ea2d2bd8d5c5a44da397aa585b353b8b00aed223ead3ce4a65ca4358f35c7871ddeb01410a83230
SSDEEP

6144:rb25Idlfyv06fFoe1bIo9BUTAkIwxEV1fuj/T/t7C39DTjq494i:/22Yye10o9BUTAkIwxEV1fujgDTjq+4i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab618c7206428c2877e9f9bef999424a

Files

ab618c7206428c2877e9f9bef999424a
.exe windows:4 windows x86 arch:x86

94a682e98848a38327bb203df0bc8121

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

sal3

rtl_ustr_asciil_reverseCompare_WithLength
rtl_ustr_reverseCompare_WithLength
rtl_uString_newToAsciiLowerCase
rtl_uString_newTrim
rtl_ustr_ascii_compare_WithLength
rtl_ustr_ascii_shortenedCompare_WithLength
osl_decrementInterlockedCount
osl_destroyMutex
rtl_ustr_hashCode_WithLength
osl_incrementInterlockedCount
rtl_digest_create
rtl_digest_queryLength
rtl_string_release
rtl_uString2String
rtl_uString_acquire
osl_releaseMutex
osl_acquireMutex
osl_getProcessWorkingDir
rtl_digest_init
rtl_digest_update
osl_loadModule
osl_removeDirectory
rtl_uriDecode
osl_releaseDirectoryItem
osl_getFileURLFromSystemPath
rtl_uString_new
rtl_uString_newFromAscii
rtl_uString_assign
rtl_uString_newConcat
rtl_ustr_lastIndexOfChar_WithLength
rtl_uString_newFromStr_WithLength
rtl_ustr_ascii_compareIgnoreAsciiCase_WithLength
rtl_uStringbuffer_insert_ascii
rtl_str_getLength
rtl_uStringbuffer_insert
rtl_uString_new_WithLength
rtl_ustr_compare_WithLength
osl_getSystemPathFromFileURL
rtl_stringbuffer_insert
rtl_digest_destroy
rtl_ustr_valueOfInt32
rtl_ustr_toInt32
rtl_string_new_WithLength
rtl_string_new
rtl_string_acquire
rtl_allocateMemory
osl_waitThread
rtl_uString_getToken
rtl_uString_newFromStr
rtl_ustr_compareIgnoreAsciiCase_WithLength
rtl_ustr_indexOfChar_WithLength
osl_getThreadTextEncoding
rtl_string2UString
osl_createMutex
rtl_digest_get
osl_getGlobalMutex
rtl_freeMemory
rtl_uString_release
rtl_fillMemory
osl_getFileStatus
osl_unloadModule
osl_getSymbol
osl_getDirectoryItem

vos2msc

ord604
ord80
ord109
ord122
ord74
ord356
ord365
ord367
ord364
ord372
ord340
ord79
ord76
ord338
ord81
ord370
ord105
ord741
ord743
ord650
ord649
ord183
ord83
ord179
ord178
ord210
ord224
ord575
ord111
ord189
ord580
ord577
ord606
ord192
ord581
ord140
ord354
ord363
ord156
ord182
ord131
ord152
ord148
ord147
ord153
ord175
ord159
ord157
ord158
ord132
ord160
ord125
ord607
ord124
ord609
ord129
ord730
ord732

tl641mi

ord1372
ord1725
ord810
ord771
ord262
ord293
ord774
ord177
ord232
ord292
ord1168
ord1166
ord752
ord794
ord149
ord316
ord806
ord151
ord143
ord147
ord137
ord329
ord163
ord153
ord735
ord608
ord278
ord258
ord242
ord230
ord1408
ord251
ord317
ord315
ord241
ord231
ord235
ord250
ord318
ord282
ord245
ord237
ord20
ord21
ord1361
ord264
ord268
ord141
ord152
ord802
ord244

cppu3

uno_type_sequence_realloc
uno_type_assignData
typelib_static_type_init
typelib_static_sequence_type_init
uno_any_destruct
uno_type_destructData
typelib_static_type_getByTypeClass
uno_type_sequence_construct
uno_type_any_assign
uno_type_any_construct
typelib_typedescriptionreference_equals
uno_type_sequence_reference2One
uno_any_construct

cppuhelper3msc

?queryAdapter@OWeakObject@cppu@@UAA?AV?$Reference@VXAdapter@uno@star@sun@com@@@uno@star@sun@com@@XZ
?WeakImplHelper_query@cppu@@YA?AVAny@uno@star@sun@com@@ABVType@3456@PAUclass_data@1@PAXPAVOWeakObject@1@@Z
?acquire@OWeakObject@cppu@@UAAXXZ
??1OWeakObject@cppu@@MAE@XZ
?WeakImplHelper_getTypes@cppu@@YA?AV?$Sequence@VType@uno@star@sun@com@@@uno@star@sun@com@@PAUclass_data@1@@Z
?ImplHelper_getImplementationId@cppu@@YA?AV?$Sequence@C@uno@star@sun@com@@PAUclass_data@1@@Z
?release@OWeakObject@cppu@@UAAXXZ
?queryInterface@OWeakObject@cppu@@UAA?AVAny@uno@star@sun@com@@ABVType@4567@@Z
?defaultBootstrap_InitialComponentContext@cppu@@YA?AV?$Reference@VXComponentContext@uno@star@sun@com@@@uno@star@sun@com@@XZ

svl641mi

ord29
ord256
ord7044
ord255
ord23
ord22
ord8056
ord8055
ord7043
ord7042
ord182
ord9553
ord9559
ord181
ord262
ord264
ord261
ord9550
ord9549
ord47

vcl641mi

ord315
ord303
ord410
ord412
ord289
ord377
ord3240
ord2995
ord3230
ord3832
ord3238
ord300
ord399
ord407
ord354
ord322
ord302
ord385
ord6724
ord389
ord353
ord373
ord401
ord398
ord3235
ord621
ord623
ord614
ord678
ord616
ord3844
ord3838
ord2105
ord6876
ord654
ord3453
ord3454
ord3452
ord409
ord360
ord3678
ord3664
ord3668
ord3669
ord3670
ord3817
ord3665
ord3682
ord3829
ord3451
ord3805
ord3646
ord3840
ord3846
ord3843
ord3645
ord3810
ord3791
ord3671
ord3648
ord3641
ord3811
ord3795
ord3649
ord3786
ord3785
ord3793
ord3792
ord3794
ord3937
ord613
ord3936
ord3660
ord2135
ord319
ord355
ord443
ord359
ord324
ord313
ord148
ord294
ord3463
ord3445
ord161
ord327

utl641mi

ord1421
ord1442
ord559
ord1636
ord951
ord838
ord844
ord853
ord845
ord839
ord850
ord554
ord1462
ord1447
ord843
ord1795
ord1445
ord555
ord1643
ord1647
ord1637
ord1642
ord1646
ord1813
ord556

ucbhelper1msc

ord873
ord881
ord1062
ord133
ord127

comphelp2

ord469
ord467

salhelper3msc

??2SimpleReferenceObject@salhelper@@SAPAXI@Z
??3SimpleReferenceObject@salhelper@@SAXPAX@Z

msvcrt

_acmdln
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
exit
_XcptFilter
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_CxxThrowException
_iob
fprintf
_exit
__CxxFrameHandler

kernel32

GetStartupInfoA
GetModuleHandleA
FindFirstFileA
FindClose

stlport_vc6

?allocate@?$__node_alloc@$00$0A@@_STL@@SAPAXI@Z
?deallocate@?$__node_alloc@$00$0A@@_STL@@SAXPAXI@Z

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94a682e98848a38327bb203df0bc8121

Headers

File Characteristics

Imports

sal3

vos2msc

tl641mi

cppu3

cppuhelper3msc

svl641mi

vcl641mi

utl641mi

ucbhelper1msc

comphelp2

salhelper3msc

msvcrt

kernel32

stlport_vc6

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 184KB - Virtual size: 183KB

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 184KB - Virtual size: 183KB