9d0e6c97481e7576b7cfb951cfa49359ec354ad32c53e3570c8dac907417c7e5

Sharing

Copy URL Twitter E-mail

General

Target

9d0e6c97481e7576b7cfb951cfa49359ec354ad32c53e3570c8dac907417c7e5
Size

2.9MB
MD5

5fa352b937753c33063f43bae7a1b516
SHA1

ecbdce3f94e88916bc424afbebce701205c81fca
SHA256

9d0e6c97481e7576b7cfb951cfa49359ec354ad32c53e3570c8dac907417c7e5
SHA512

5120773ca95bee2e07ae421aa04293c89470b00a6a21ba9a86f5000c8b75c3370c4da8188505d7c5c9868d2357d74f97f230c956f6c1986a71f125cab52a623c
SSDEEP

49152:epoEdB+mY/2KiGOM/SzTXcQR/a3NKnQIEQjzDsr057E01RTlL:e1MmY/2SRSzTXcQR/aKDsw57EiTL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d0e6c97481e7576b7cfb951cfa49359ec354ad32c53e3570c8dac907417c7e5

Files

9d0e6c97481e7576b7cfb951cfa49359ec354ad32c53e3570c8dac907417c7e5
.exe windows:5 windows x86 arch:x86

0cf72aae1a219a0741aad52e754ad1e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\working\Task\rmtclient\Release\rmtclient.pdb

Imports

kernel32

CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetFileType
GetConsoleCP
GetConsoleMode
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
HeapReAlloc
VirtualAlloc
HeapSize
HeapCreate
VirtualFree
GetStdHandle
SetHandleCount
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
ExitThread
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
GetThreadContext
GetSystemDirectoryA
SetProcessAffinityMask
OpenProcess
WaitForMultipleObjects
CreateSemaphoreA
ReleaseSemaphore
GetThreadPriority
SetThreadAffinityMask
IsDBCSLeadByteEx
GetProcessAffinityMask
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
HeapFree
HeapAlloc
GetFileAttributesA
SetErrorMode
GetModuleHandleW
CreateFileA
DuplicateHandle
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
FormatMessageA
LocalFree
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
SuspendThread
ResumeThread
GetModuleFileNameA
GetModuleFileNameW
lstrlenA
MulDiv
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
GetLastError
SetLastError
lstrcmpW
GetVersionExA
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
SizeofResource
FreeResource
LockResource
LoadResource
FindResourceA
SetThreadPriority
GetCurrentProcess
SetPriorityClass
GetTickCount
GetModuleHandleA
ReadFile
GetFileSizeEx
CreateFileW
Sleep
GlobalSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForSingleObject
ResetEvent
CreateEventA
DeleteCriticalSection
CloseHandle
SetEvent
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
FindClose
FindNextFileW
FindFirstFileW
WideCharToMultiByte
GetCurrentProcessId
GetACP
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
FreeLibrary
GetProcAddress
WriteConsoleW
LoadLibraryA
SetThreadContext

user32

EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetPropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
SetScrollRange
SetScrollPos
SetForegroundWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
GetClassInfoExA
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
ModifyMenuA
GetWindowPlacement
GetWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
GetNextDlgTabItem
EndDialog
TranslateMessage
UpdateWindow
SetActiveWindow
GetActiveWindow
IsWindowEnabled
GetDesktopWindow
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindowVisible
GetDlgItemTextA
AppendMenuA
GetClipboardData
IsClipboardFormatAvailable
GetClassNameA
GetClipboardOwner
AdjustWindowRectEx
GetMenuState
ChangeClipboardChain
RegisterClassA
GetClassInfoA
ReleaseDC
EnumDisplaySettingsA
SystemParametersInfoA
SetClipboardViewer
GetSystemMetrics
UnhookWindowsHookEx
ShowScrollBar
GetClientRect
InvalidateRect
SetDlgItemInt
ScreenToClient
SetWindowsHookExA
CallNextHookEx
GetCursorPos
GetFocus
SendInput
MapVirtualKeyA
GetKeyState
CheckMenuRadioItem
EnableMenuItem
CheckMenuItem
GetSystemMenu
GetDC
CloseClipboard
SetClipboardData
EmptyClipboard
LoadBitmapA
GetMenuCheckMarkDimensions
IsIconic
GetWindowRect
PtInRect
IsWindowUnicode
GetSysColor
SendMessageA
EnableWindow
SetPropA
RegisterHotKey
CreateWindowExA
GetWindowTextW
SetWindowTextW
UnregisterHotKey
RemovePropA
RegisterClipboardFormatA
OpenClipboard
PostMessageA
UnregisterClassA
LoadCursorA
GetSysColorBrush
ShowOwnedPopups
PostQuitMessage
GetMessageA
ValidateRect
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetWindowThreadProcessId
SetCursor
ReleaseCapture
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
DestroyMenu
GetMenuItemInfoA
InflateRect
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetDlgItemInt
GetParent

gdi32

SetMapMode
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreatePatternBrush
CreateBitmap
GetStockObject
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A
CreateCompatibleBitmap
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
DeleteDC
GetDeviceCaps
SetStretchBltMode
CreateCompatibleDC
SelectObject
CreateDIBSection
BitBlt
DeleteObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

DragFinish
DragQueryFileA
DragQueryFileW

shlwapi

PathFindFileNameA
PathFindExtensionA

ole32

CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
OleSetClipboard
ReleaseStgMedium
OleGetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VariantInit
VariantChangeType
VariantClear

imm32

ImmAssociateContext
ImmDestroyContext
ImmGetContext
ImmReleaseContext

winmm

waveOutClose
waveOutPrepareHeader
waveOutOpen
timeKillEvent
timeGetDevCaps
timeBeginPeriod
timeGetTime
timeEndPeriod
timeSetEvent
waveOutWrite

ws2_32

WSAStartup
connect
gethostname
WSAIoctl
WSAGetLastError
htonl
gethostbyname
closesocket
__WSAFDIsSet
socket
sendto
ntohs
htons
select
inet_addr
recvfrom
getsockopt
bind
WSACleanup
setsockopt
getsockname

iphlpapi

GetNetworkParams

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text.un
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.drectve
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dtors
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ctors
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cf72aae1a219a0741aad52e754ad1e3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

imm32

winmm

ws2_32

iphlpapi

oleacc

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.text.un Size: 71KB - Virtual size: 71KB

.rdata Size: 311KB - Virtual size: 310KB

.data Size: 16KB - Virtual size: 144KB

.drectve Size: 1KB - Virtual size: 1KB

.eh_fram Size: 11KB - Virtual size: 10KB

.dtors Size: 512B - Virtual size: 4B

.ctors Size: 512B - Virtual size: 4B

.rsrc Size: 86KB - Virtual size: 86KB

.reloc Size: 79KB - Virtual size: 79KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.text.un
Size: 71KB - Virtual size: 71KB

.rdata
Size: 311KB - Virtual size: 310KB

.data
Size: 16KB - Virtual size: 144KB

.drectve
Size: 1KB - Virtual size: 1KB

.eh_fram
Size: 11KB - Virtual size: 10KB

.dtors
Size: 512B - Virtual size: 4B

.ctors
Size: 512B - Virtual size: 4B

.rsrc
Size: 86KB - Virtual size: 86KB

.reloc
Size: 79KB - Virtual size: 79KB