5b1e646f420c99dd7057032cd547c5328cccc81954e34184b4127b4db4d36db9

Sharing

Copy URL Twitter E-mail

General

Target

5b1e646f420c99dd7057032cd547c5328cccc81954e34184b4127b4db4d36db9
Size

2.8MB
MD5

84a147ee88d0946ca6eaec1557743c2a
SHA1

55d6e26458f7ce6340a4a23f2b6e21ae661c4612
SHA256

5b1e646f420c99dd7057032cd547c5328cccc81954e34184b4127b4db4d36db9
SHA512

eca189c36f3f9a059bf6bf235018a8b5ebf81fb947d74cbc99ec70cefc4072718bab13b7abf27a44049eb8360f9dfda85e1f69e4bc07b61909a25bcd62cbb718
SSDEEP

24576:3ApEFg1532dVv/ZQH20Sk5eP+dEyRMjXouQm831cL5rUMMXRBzuUkKX:3XF0UdPs20Sk5eaSjmZ3JPk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b1e646f420c99dd7057032cd547c5328cccc81954e34184b4127b4db4d36db9

Files

5b1e646f420c99dd7057032cd547c5328cccc81954e34184b4127b4db4d36db9
.exe windows:4 windows x86 arch:x86

d4d1285a6388629ea5f39c9445e037e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?symContextInit
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?passParameter
?conNewCon
?momSOff
?pushCodeBlock
SETKEY
_SYMLOAD
?symRefItemConst
?domAssign
?getRFPC
?domAdd
FILE
?domNot
?retStackValue
?andShortCut
?domAnd
DBSELECTAREA
?retStackItem
ORDLISTCLEAR
ORDLISTADD
TYPE
SETCOLOR
SCROLL
SETPOS
ACREATE
?orShortCut
?domOr
SET
DBCLOSEALL
DISPBOX
DEVPOS
DEVOUT
_ATPROMPT
UPPER
_MENUTO
STR
_QUIT
?conRelease
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
?conNNewNil
?symParameterConst
ALIAS
?symGetItemConst
DBGOTOP
LASTREC
MIN
ARRAY
?symPrivateConst
EOF
?domRefElem
?domGetElem
?executeMacro
DBSKIP
LASTKEY
_KEYBOARD
?symPublicConst
?retNil
?domValEql
LEFT
ORDSETFOCUS
CHR
?domSubStr
?domNEql
RECNO
COL
REPLICATE
INKEY
?domEql
BOF
?getRFCC
DBSEEK
?domLCmp
DEVOUTPICT
SAVESCREEN
EMPTY
GET
?getWFPC
?conSendItem
AADD
VAL
?domGCmp
__vft20ConStringConstObject10AtomObject
DBDELETE
?getWCFC
STRTRAN
?getRFIC
RESTSCREEN
DBUNLOCK
DBGOTO
?domSub
?domNegate
ROW
SPACE
LEN
STRZERO
TRIM
FOUND
QOUT
DBCOPYEXTSTRUCT
DBCLOSEAREA
DTOS
_EARLYBOUNDCODEBLOCK
DBCREATEINDEX
__vft19ConNumericIntObject10AtomObject
SUBSTR
?domGECmp
?domLECmp
DBEVAL
DBPACK
RIGHT
MAX
?domValNEql
?setCWArea
?restWArea
?domMul
ROUND
ABS
?domValSubStr
?domDiv
ASC
?domValLCmp
?domValGCmp
CTOD
AT
DBZAP
?domInc
DBGOBOTTOM
RAT
ALLTRIM
_SYMSAVE
FCREATE
?Xb2MacroSubstStringConst
FWRITE
FSEEK
FCLOSE
LTRIM
DTOC
ACHOICE
_SYMRELEASE
DBUNLOCKALL
MEMORY
DBLOCATE
DATE
?domValGECmp
DBCOPYSTRUCT
_SYMNILPRIVATES
DBCLEARRELATION
DBSETRELATION
?domXEql
?getRFSC
DBCLEARFILTER
DBSETFILTER
FCOUNT
FIELDNAME
INT
?domValXEql
SETCURSOR
DBAPPEND
?getWCFS
DELETED
DBRECALL
INDEXKEY
DBCONTINUE
LOWER
?setIWArea
__vft14ConLogicObject10AtomObject
ISFIELDVAR
?executeLMacro
ORDLISTREBUILD
?getRCFS
__vft21ConNumericFloatObject10AtomObject
__vft14ConStringShort10AtomObject
SETBLINK
DBUSEAREA
NETERR
NEXTKEY
FLOCK
RLOCK
SELECT
MONTH
YEAR
DAY
DBCREATE
?getWFCS
?symGetItem
?getRFCS
DBCOMMITALL
CURDIR
CURDRIVE
?conNewNil
PROCNAME
?conMemberToItem
?domMod
?domValLECmp
?domExp
ORDKEY
?setSWArea
MAXROW
?ehUnsetContext
?ehGetBreakContainer
FOPEN
DIRECTORY
FERASE
AEVAL
FRENAME
DISKSPACE
DOW
RUNSHELL
CREATEDIR
APPNAME
_COPYFILE
SETAPPEVENT
APPDESKTOP
?conAssignRefWMember
XBPFONT
SETAPPWINDOW
FREAD
TIME
GETENV
ALERT
ISPRINTER
_EJECT
SETPRC
MEMOREAD
?conNewString
?conOpNewInt
?conNewLogic
?exePcodeEval
MLCOUNT
MEMOLINE
VALTYPE
CHAR2VAR
CONVTOANSICP
XBPPRINTER
MSGBOX
FERROR
FREADSTR
PADR
BREAK
ERRORBLOCK
?domAddEqu
FIELDGET
GRAPOS
ASCAN
GRASTRINGAT
PADL
LIKE
SETAPPFOCUS
APPEVENT
MAXCOL
QQOUT
SECONDS
?nomClassLock
?nomTryFindRegisteredClass
?retObject
?nomClassUnlock
?nomCreateClass
?nomDefineVar
?nomDefineMethod
?nomEndClassDefinition
?nomRegisterClass
?nomCallInitClass
?conGetSelfClass
?conGetClass
?floadTos
EVAL
ASIZE
GRABOX
GRASEGDRAW
?domDec
CONVTOOEMCP
DLLLOAD
DLLCALL
DLLUNLOAD
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_90_0
___xpprt1Version

xppsys

READKILL
READMODAL
ANCHORCB
DBCREATEFROM
_DBIMPORT
ADIR
DBEDIT
_DBEXPORT
READVAR
GETACTIVE
GETENABLEEVENTS
XBPCRT
GETUNIQUEFILENAME
XBPPRESSPACE
GRASETFONT
XBPDIALOG
XBPPUSHBUTTON
MOD
XBPSTATIC
XBPSCROLLBAR
APPEXIT
DBESYS
ERRORSYS

xppdbgc

__XPPdbgClient

ascom10

CREATEOBJECT
COMLASTERROR
COMLASTMESSAGE

xppui2

XBPPRINTDIALOG

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4d1285a6388629ea5f39c9445e037e0

Headers

File Characteristics

Imports

xpprt1

xppsys

xppdbgc

ascom10

xppui2

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.data Size: 180KB - Virtual size: 180KB

.xpp Size: 9KB - Virtual size: 8KB

.idata Size: 7KB - Virtual size: 6KB

.reloc Size: 109KB - Virtual size: 108KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 180KB - Virtual size: 180KB

.xpp
Size: 9KB - Virtual size: 8KB

.idata
Size: 7KB - Virtual size: 6KB

.reloc
Size: 109KB - Virtual size: 108KB