Static task: static1
Behavioral task: behavioral1
  Sample: 9dd2425c1a40b8899b2a4ac0a85b047bede642c5dfd3b5a2a2f066a853b49e2d.xll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 9dd2425c1a40b8899b2a4ac0a85b047bede642c5dfd3b5a2a2f066a853b49e2d.xll
  Resource: win10v2004-20240226-en
General
- Target: 9dd2425c1a40b8899b2a4ac0a85b047bede642c5dfd3b5a2a2f066a853b49e2d
- Size: 67KB
- MD5: db31ae71cf9cdc734c9a0a3a3f099095
- SHA1: 0dceba260652b4793e527dcc238c97683eb93144
- SHA256: 9dd2425c1a40b8899b2a4ac0a85b047bede642c5dfd3b5a2a2f066a853b49e2d
- SHA512: 80fa4dcb145d5f017a784ed632aa04a9d7dc1286eda7bd25cd77c458359cd86b1e2e395990c9977bcafa8b7d126c11fde6d9f9ce1bbecbe64d1ef9e7e75fec0f
- SSDEEP: 768:WyNw4V8bmol5NdQGgus2PJVN+dmdcIef8YzRuiWE6PIqjHP8bJzU0E65vU6VEI3:WyNwpbzuGguskJV88ezRkPbjkN5vcI
Malware Config
Signatures
- Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 9dd2425c1a40b8899b2a4ac0a85b047bede642c5dfd3b5a2a2f066a853b49e2d
Files
- 9dd2425c1a40b8899b2a4ac0a85b047bede642c5dfd3b5a2a2f066a853b49e2d.xll windows:5 windows x86 arch:x86
fb2f437211a58e1559c9e5fa72f0e09c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\Document And Settings2\pe\Desktop\RTFExploit\src\RTFExploit_Common\Release\OnKeyToken_KEB.pdb
Imports
kernel32
GetWindowsDirectoryA
Sleep
ReadProcessMemory
CreateProcessA
GetModuleFileNameW
GetLastError
GetProcAddress
VirtualAllocEx
GetModuleHandleA
CloseHandle
WriteProcessMemory
ResumeThread
WriteFile
CreateFileW
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
GetNativeSystemInfo
SetLastError
VirtualAlloc
LoadLibraryA
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
IsDebuggerPresent
SetThreadContext
GetThreadContext
ExitProcess
SetEndOfFile
HeapSize
GetLocaleInfoA
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapCreate
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
MultiByteToWideChar
ReadFile
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
shlwapi
PathRemoveFileSpecW
PathAppendW
Exports
OnKeyT_AppendEventInfo
OnKeyT_ContextFinal
OnKeyT_ContextInit
OnKeyT_GetSlotList
OnKeyT_Name2SlotID
OnKeyT_WaitForSlotEvent
_DllMain@12
xlAutoOpen
Sections
.text Size: 43KB - Virtual size: 43KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata Size: 11KB - Virtual size: 11KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data Size: 4KB - Virtual size: 11KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rsrc Size: 512B - Virtual size: 436B (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc Size: 6KB - Virtual size: 5KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)