ab814539ba74289814976f826abe7871

Sharing

Copy URL Twitter E-mail

General

Target

ab814539ba74289814976f826abe7871
Size

52KB
MD5

ab814539ba74289814976f826abe7871
SHA1

79d060d8b8a116eaa915762766a3eab9b80354f0
SHA256

e7dbe6b578ca84ea99360f355aeadb9d56939c53a7bb5a9a229127e0e9a9a60e
SHA512

b05cf1bdc700858d4988ba879ef334f00caf0c767dcf1e2eea3375235964a3596de5111bc04e8a3c6a20c03d9fa020d838e970ef8f07aada4a7449a0abf160a4
SSDEEP

768:CTr77X+/SYV8je5P2Vhdu2kF2PwVzyd6kz1hNK75eJSoNvJlHNuU4FEdEUPA:CHoSYV92VffFbTM750vohFEd1Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/_ENG/rpc_w32.exe
unpack001/_RUS/rpc_w32.exe

Files

ab814539ba74289814976f826abe7871
.rar .ps1 polyglot
CHRS/DIGITS.CHR
CHRS/LATIN.CHR
CHRS/RUS.CHR
CHRS/special.chr
FRGS/arj.frg
FRGS/exe&dll.frg
FRGS/html.frg
FRGS/jpg.frg
FRGS/ra.frg
FRGS/rar.frg
FRGS/wav.frg
FRGS/word97.frg
FRGS/zip.frg
_ENG/EXAMPLE/EXAMPLE.CFG
_ENG/EXAMPLE/example.rar
.rar
_ENG/RPCDOC.TXT
_ENG/rpc_os2.exe
_ENG/rpc_w32.exe
.exe windows:1 windows x86 arch:x86

8955e5025f8549f7685f19fe28e1f757

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperBuffA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
ExitThread
FlushFileBuffers
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetVersion
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MoveFileA
MultiByteToWideChar
ReadConsoleInputA
ReadFile
SetConsoleCtrlHandler
SetConsoleMode
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFilePointer
SetLastError
SetPriorityClass
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

Sections

AUTO
Size: 43KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 8KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 20KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_RUS/EXAMPLE/EXAMPLE.CFG
_RUS/EXAMPLE/example.rar
.rar
_RUS/RPCDOC.TXT
_RUS/rpc_os2.exe
_RUS/rpc_w32.exe
.exe windows:1 windows x86 arch:x86

8955e5025f8549f7685f19fe28e1f757

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperBuffA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
ExitThread
FlushFileBuffers
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetVersion
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MoveFileA
MultiByteToWideChar
ReadConsoleInputA
ReadFile
SetConsoleCtrlHandler
SetConsoleMode
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFilePointer
SetLastError
SetPriorityClass
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

Sections

AUTO
Size: 43KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 8KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 20KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
file_id.diz

Sharing

General

Malware Config

Signatures

Files

8955e5025f8549f7685f19fe28e1f757

Headers

File Characteristics

Imports

user32

kernel32

Sections

AUTO Size: 43KB - Virtual size:

.idata Size: 2KB - Virtual size:

DGROUP Size: 8KB - Virtual size:

.bss Size: 20KB - Virtual size:

.reloc Size: 4KB - Virtual size:

8955e5025f8549f7685f19fe28e1f757

Headers

File Characteristics

Imports

user32

kernel32

Sections

AUTO Size: 43KB - Virtual size:

.idata Size: 2KB - Virtual size:

DGROUP Size: 8KB - Virtual size:

.bss Size: 20KB - Virtual size:

.reloc Size: 4KB - Virtual size:

AUTO
Size: 43KB - Virtual size:

.idata
Size: 2KB - Virtual size:

DGROUP
Size: 8KB - Virtual size:

.bss
Size: 20KB - Virtual size:

.reloc
Size: 4KB - Virtual size:

AUTO
Size: 43KB - Virtual size:

.idata
Size: 2KB - Virtual size:

DGROUP
Size: 8KB - Virtual size:

.bss
Size: 20KB - Virtual size:

.reloc
Size: 4KB - Virtual size: