d4aabe53bbebbe39746ca46390e35714

Sharing

Copy URL Twitter E-mail

General

Target

d4aabe53bbebbe39746ca46390e35714
Size

453KB
MD5

d4aabe53bbebbe39746ca46390e35714
SHA1

c2ce62d653ee3f333d2727b3b66d3fdaf85f3969
SHA256

e60437a1b853eaf5ffb7172511e250e99f662f30924ea1672942ac52b722f5c4
SHA512

d0c0d0e1642b9c940e7184fec2c72c86d1326f24a816f575949498bb728bcf5d3541648bc8783ae3cdadcd130ebf7ccc4875a87251832dadc16e7faa4faf0657
SSDEEP

12288:H5QtJmEpH1C/9Blk3d3OL97YNXptTO4D+6x:2Do/923RNa4l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4aabe53bbebbe39746ca46390e35714

Files

d4aabe53bbebbe39746ca46390e35714
.exe windows:5 windows x86 arch:x86

612f083869429b81c2c3b2c26b17ff97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work3three\24092010\newline__0\Rxbot 7.6\Debug\rBot.pdb

Imports

ssleay32

ord96
ord48
ord8
ord78
ord74
ord183
ord110
ord12
ord75
ord87
ord43
ord108

kernel32

GetStartupInfoA
CompareStringW
CompareStringA
VirtualQuery
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
lstrlenA
RaiseException
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CloseHandle
WriteFile
CreateFileA
ExitThread
ReadFile
SetFilePointer
GetFileSize
GetSystemDirectoryA
ExitProcess
CreateProcessA
GetTickCount
GetModuleFileNameA
Sleep
FindClose
FindNextFileA
FindFirstFileA
GetTimeFormatA
GetDateFormatA
CreateThread
GetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
LoadLibraryA
GetLastError
GetProcAddress
GetModuleHandleA
FormatMessageA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
ExpandEnvironmentStringsA
SetFileAttributesA
GetTempPathA
GetDriveTypeA
GetLogicalDriveStringsA
DeleteFileA
GetCurrentProcess
TerminateProcess
OpenProcess
WaitForSingleObject
GetCurrentProcessId
MoveFileA
GetExitCodeProcess
PeekNamedPipe
DuplicateHandle
CreatePipe
GetComputerNameA
GetLocaleInfoA
GetVersionExA
TerminateThread
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
GetCommandLineA
SetEnvironmentVariableA
HeapValidate
IsBadReadPtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
FatalAppExitA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.popa
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.popo
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

612f083869429b81c2c3b2c26b17ff97

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ssleay32

kernel32

Sections

.text Size: 346KB - Virtual size: 345KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 10KB - Virtual size: 160KB

.popa Size: 16KB - Virtual size: 16KB

.popo Size: 16KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 346KB - Virtual size: 345KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 10KB - Virtual size: 160KB

.popa
Size: 16KB - Virtual size: 16KB

.popo
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 436B