123[.]7z | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

123.7z
Size

1.5MB
MD5

a5fdec3fa9414bdf524af9a3e1fca30f
SHA1

17ecaa0bc08e3fe98997b5a26f8b9db8e0ca45c5
SHA256

7f2a9284bf0d3cc199041af48e6f303af7f6166b574b20dd749a4f7be5eeadad
SHA512

690ab02a03b9698c6f9a64c43096c2e5a3c4e8c1ba34a45315101214af0b24e2cea44facad6fac6b4d36330bbf2e147ce373e1245e5162bbcde04d1f123fbd10
SSDEEP

24576:ACAGlsEwqLctBIrQLD9KKrhfCz4N01CAnBOU4gqNYVZKGOyjN7HL:9AKHJrQLD9E4CYAwvgUYv1OWN7HL

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/123/Winc.exe
unpack001/123/pbvm90.dll

Files

123.7z
.7z
123/Winc.exe
.exe windows:4 windows x86 arch:x86

bbe06459abbb1d845c350bfe00379c91

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

pbvm90

ord137

kernel32

FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetCommandLineA
GetCPInfo
IsDBCSLeadByte
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
GetACP
GetOEMCP
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
RtlUnwind
VirtualFree
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
LoadLibraryA
WriteFile
GetStringTypeA
GetStringTypeW
HeapFree
HeapAlloc
VirtualAlloc
GetProcAddress

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
123/image.jpeg
.jpg
123/pbvm90.dll
.dll windows:6 windows x86 arch:x86

5ac7bd8bd2329c75810d90015b3f811f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

PDB Paths

loader.pdb

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetLastError
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetThreadContext
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
PostQueuedCompletionStatus
RaiseFailFastException
ResumeThread
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WideCharToMultiByte
WriteConsoleW
WriteFile

msvcrt

__mb_cur_max
_amsg_exit
_beginthread
_errno
_initterm
_iob
_lock
_unlock
abort
atoi
calloc
fputc
free
fwrite
localeconv
malloc
realloc
setlocale
strchr
strerror
strlen
strncmp
vfprintf
wcslen

Exports

Exports

AbsoluteDecimal
AddDecimal
ArrayBounds_getLowerbound
ArrayBounds_getUpperbound
ChangeSignDecimal
ClassDef_FindMatchingFunction
ClassDef_GetAncestor
ClassDef_GetIsAutoinstantiate
ClassDef_GetNestedClass
ClassDef_GetNestedClassList
ClassDef_GetNumNstClasses
ClassDef_GetNumScripts
ClassDef_GetNumVariables
ClassDef_GetRoutine
ClassDef_GetRoutineList
ClassDef_GetVariable
ClassDef_GetVariableList
ClassDef_GetWithInClass
ClassDefinitionObject_destroyObject
CompareDecimal
ConvAsciiToDecimal
ConvDecToDouble
ConvDecToFloat
ConvDecToInt
ConvDecToLong
ConvDecToLonglong
ConvDecToUns
ConvDecToUnsLong
ConvDecimalToAscii
ConvDoubleToDecimal
ConvDoubleToDecimalRound
ConvFloatToDecimal
ConvIntToDecimal
ConvLongToDecimal
ConvLonglongToDecimal
ConvUnsLongToDecimal
ConvUnsToDecimal
CopyDateTimeToPSH_TIME
CopyDateToPSH_TIME
CopyDecimalToPSH_DEC
CopyTimeToPSH_TIME
CreateBlob
CreateBlobFromBytes
CreateBlobFromLPTSTR
CreateBlobWithSize
CreateDateFromLPTSTR
CreateDateFromPSH_TIME
CreateDateFromString
CreateDateTimeFromLPTSTR
CreateDateTimeFromPSH_TIME
CreateDateTimeFromString
CreateDebugLog
CreateDecimal
CreateDecimalFromDouble
CreateDecimalFromLPTSTR
CreateDecimalFromLong
CreateDecimalFromPSH_DEC
CreateDynamicVector
CreateDynamicVectorFromArray
CreateDynamicVectorWithSize
CreateEnumUnknown
CreateFileType
CreateList
CreateListFromArray
CreateLogManager
CreateNTEventLog
CreatePBIArgument
CreatePBIArray
CreatePBIArrayBounds
CreatePBIArrayBoundsList
CreatePBIArrayOfObject
CreatePBIArrayRuntime
CreatePBIBlob
CreatePBIBlobRuntime
CreatePBIClassDef
CreatePBIClassDefList
CreatePBIContextRuntime
CreatePBIDate
CreatePBIDateRuntime
CreatePBIDateTime
CreatePBIDateTimeRuntime
CreatePBIDateToday
CreatePBIDecimal
CreatePBIDecimalRuntime
CreatePBIException
CreatePBIGeneratorRegistry
CreatePBIInstanceByID
CreatePBIInstanceByName
CreatePBIInstanceRuntime
CreatePBIScriptDef
CreatePBIScriptDefList
CreatePBISession
CreatePBISessionRuntime
CreatePBIString
CreatePBIStringList
CreatePBITime
CreatePBITimeNow
CreatePBITimeRuntime
CreatePBITypeDef
CreatePBIUnboundedArray
CreatePBIUnboundedArrayOfObject
CreatePBIValue
CreatePBIValueRuntime
CreatePBIVariableDefList
CreateString
CreateStringBuffer
CreateStringBufferFromLPTSTR
CreateStringDictionary
CreateStringDictionaryWithFlags
CreateStringDictionaryWithSize
CreateTimeFromLPTSTR
CreateTimeFromPSH_TIME
CreateTimeFromString
CreateUlongDictionary
CreateUlongDictionaryWithFlags
CreateUlongDictionaryWithSize
DBGVW_AddINT
DBGVW_AddLPTSTR
DBGVW_DlgProc
DBGVW_Remove
DBGVW_Show
DBI_AddSyntaxLine
DBI_AlterForeignKeySyntax
DBI_AlterPrimaryKeySyntax
DBI_AttrInfo
DBI_BindSelectBuffer
DBI_BuildComboList
DBI_BuildRPCAlias
DBI_CanIdentifySystemProcs
DBI_Cancel
DBI_CleanUpColumnList
DBI_ComboList
DBI_Command_Tran
DBI_Commit
DBI_Connect
DBI_CreateForeignKeySyntax
DBI_CreateNoLogPKeySyntax
DBI_CreatePrimaryKeySyntax
DBI_CtrlChars2Text
DBI_CursorConnect
DBI_DBHandle
DBI_DWCursorConnect
DBI_DataTypeListString
DBI_DatabaseInfo
DBI_DatabaseLoad
DBI_DateString
DBI_DecimalString
DBI_DeleteDir
DBI_DeleteProcDir
DBI_DeleteSyntaxList
DBI_DelimitReservedWord
DBI_Describe
DBI_DescribeExtra
DBI_DescribeInput
DBI_DescribeOutput
DBI_DialogBoxCenter
DBI_DialogConnect
DBI_Disconnect
DBI_DoCompare
DBI_DoCompareFirst
DBI_DoCompareFirstWithSkip
DBI_DoubleString
DBI_DoubleTheQuotes
DBI_DummyConnect
DBI_DynamicBind
DBI_EditStyleHash
DBI_EditStyleInfo
DBI_EditUpdate
DBI_EndSyntax
DBI_ErrorSQL
DBI_ExecPlan
DBI_Execute
DBI_FetchFirst
DBI_FetchLast
DBI_FetchNext
DBI_FetchPrev
DBI_FetchRandom
DBI_FetchRelative
DBI_FillBlanks
DBI_FindComboListString
DBI_FindComboString
DBI_FinishLine
DBI_FormatHash
DBI_FreeColBlkList
DBI_FreeDBInterface
DBI_FreeMem
DBI_FreeParmList
DBI_FreePrepList
DBI_FreeValidHash
DBI_FreeWhereList
DBI_GetBlobConnect
DBI_GetColumnExpression
DBI_GetDriverObjects
DBI_GetForeignKYOptions
DBI_GetIdentityValue
DBI_GetNextResultSet
DBI_GetPBTypeString
DBI_GetParm
DBI_GetSelectInfo
DBI_GetSelectItems
DBI_GetTimestamp
DBI_LibraryName
DBI_LoadDBInterface
DBI_LoadString
DBI_LogIn
DBI_LookForKeyWord
DBI_MPowerFetchNext
DBI_MatchCombo
DBI_MatchString
DBI_NewDBParm
DBI_NumericString
DBI_OuterJoinSyntax
DBI_OuterJoinSyntax_ANSI
DBI_PBC_DialogBox
DBI_PBC_DialogBoxParam
DBI_PBC_ShowWindow
DBI_PBToArgs
DBI_PBToSQL
DBI_Parse
DBI_ParseBasicSelect
DBI_ParseColList
DBI_ParseColSubset
DBI_ParseFrom
DBI_ParseIdentifier
DBI_ParseKeyWords
DBI_ParseParms
DBI_ParseWhere
DBI_Prepare
DBI_PrepareWithParms
DBI_PrimaryKeyReferences
DBI_ProcDescribe
DBI_ProcInfo
DBI_ProcPrepare
DBI_ProcText
DBI_PubProcList
DBI_PubProcRPCSyntax
DBI_RPC_DoCall
DBI_ReadBlob
DBI_RegisterVendor
DBI_ReleaseInputParms
DBI_ReplaceDbParm
DBI_RollBack
DBI_Rows
DBI_RuntimeExecute
DBI_RuntimeFetchNext
DBI_SQLCacheBegin
DBI_SQLCacheDiscardEntry
DBI_SQLCacheEnd
DBI_SQLCacheFlushEntries
DBI_SQLCacheMakeSQLStatementAvailable
DBI_SQLCacheRegisterDescribe
DBI_SQLCacheRegisterSQLStatement
DBI_SQLCacheRequestDescribe
DBI_SQLCacheRequestSqlStatement
DBI_SQLCacheSetSelectCacheSize
DBI_SQLCacheStatistics
DBI_SearchReplace
DBI_SquishSyntax
DBI_StartSyntax
DBI_StartTran
DBI_Step
DBI_SystemDatabaseLoad
DBI_TableExplode
DBI_TableLoad
DBI_TerminateSQL
DBI_Text2CtrlChars
DBI_ThreadSafeEnabled
DBI_UnRegisterVendor
DBI_UniqueKey
DBI_ValidHash
DBI_ViewText
DBI_WriteBlob
DBI_YesTrue1
DPBApplicationNameGet
DPBApplicationNameSet
DPBConnectStringGet
DPBConnectStringSet
DPBConnectToRemote
DPBCreateConnectObject
DPBCreateInstance
DPBCreateInstanceFromProxy
DPBDestroyConnectObject
DPBDisconnectRemote
DPBDriverErrorCodeGet
DPBDriverErrorStrGet
DPBDriverNameGet
DPBDriverNameSet
DPBGetConnectionInfo
DPBGetSessionInfo
DPBLocationNameGet
DPBLocationNameSet
DPBLookup
DPBORB_Create
DPBORB_Destroy
DPBORB_Init
DPBORB_ObjectToString
DPBORB_ResolveInitialReferences
DPBORB_StringToObject
DPBOptionsGet
DPBOptionsSet
DPBPasswordGet
DPBPasswordSet
DPBRemoteServerStopListen
DPBRemoteServerStopUserConnection
DPBTraceGet
DPBTraceSet
DPBUserIDGet
DPBUserIDSet
DP_ApplyDDLSyntax
DP_ArgdProc
DP_BlocksToText
DP_BuildCreateBlks
DP_BuildCreateSyntax
DP_BuildDropSyntax
DP_BuildNdxBlks
DP_BuildNdxSyntax
DP_BuildPrimaryKeyBlks
DP_BuildPrimaryKeySyntax
DP_BuildTablename
DP_CheckKeytype
DP_CreateTable
DP_DestroyBindBuffer
DP_DestroyColumnList
DP_DestroyCreateBlks
DP_DestroyDPBlob
DP_DestroyDPBlobList
DP_DestroyDPinfo
DP_DestroyDPtable
DP_DestroySyntax
DP_ExecuteError
DP_ExecuteSelect
DP_MatchPBtype
DP_MatchTypeName
DP_Parsecname
DP_Parsetname
DP_RTCancelPipe
DP_RTClosePipe
DP_RTCreatePipe
DP_RTRepairPipe
DP_RTRunPipe
DP_SetBlobs
DP_SetDefaultBind
DP_SetDefaultText
DP_TableStatus
DP_TextToBlocks
DP_TransferData
DP_dwCloseError
DP_dwCreate
DP_dwDestroy
DP_genSQLData
DP_getKeyDef
DP_getTblDef
DP_setKeys
DecimalPrecision
DivideDecimal
DivideDecimalAndRound
DivideDecimalAndTruncate
DllCanUnloadNow
DllGetClassObject
DrawPsppObject
EnumerationDefinition_EnumUpperBound
EnumerationDefinition_GetEnumeration
EnumerationDefinition_GetEnumerationList
EnumerationItemDefinition_getName
EnumerationItemDefinition_getValue
FNX_DataWindowDescribe
FNX_DataWindowGetBandAtPointer
FNX_DataWindowGetChild
FNX_DataWindowGetCurrentColumn
FNX_DataWindowGetCurrentRow
FNX_DataWindowGetItemDateTime
FNX_DataWindowGetItemNumber
FNX_DataWindowGetItemString
FNX_DataWindowGetObjectAtPointer
FNX_DataWindowGetRowCount
FNX_DataWindowSaveAs
FNX_DataWindowSelectRow
FNX_DataWindowSetAllEvents
FNX_DataWindowSetCurrentColumn
FNX_DataWindowSetCurrentRow
FNX_IsPowerObject
FNX_ObjectClassName
FNX_ObjectIUnknown
FNX_RteGetCharFormat
FNX_RteGetCurrentBand
FNX_RteGetLine
FNX_RteGetSelection
FNX_RteLineCount
FNX_RteLineLength
FNX_RteSetCurrentBand
FNX_RteSetSelection
FN_BeginTrace
FN_CheckBoxWnd
FN_CloseTrace
FN_CommandButtonWnd
FN_ConvertUnits
FN_CtlColor
FN_CtlCreate
FN_CtlCreateAll
FN_CtlFree
FN_CtlFreeAll
FN_CtlRecreate
FN_CtlResCreate
FN_CtlResFree
FN_DWGetHandle
FN_DataStoreWnd
FN_DataWindowChange
FN_DataWindowWnd
FN_DisableEventTrace
FN_DrawLine
FN_DrawRectangle
FN_DropDownEditWnd
FN_DropDownListWnd
FN_DropDownMainWnd
FN_DumpTrace
FN_EditMaskWnd
FN_EnableEventTrace
FN_EndTrace
FN_EvtTimerWnd
FN_FieldGetAppString
FN_FieldGetCtl
FN_FieldGetDS
FN_FieldGetDW
FN_FieldGetMN
FN_FieldGetUO
FN_FieldGetWN
FN_FieldItemUpdate
FN_FieldUpdate
FN_FileDlgHook
FN_FileGetHandle
FN_FormatData
FN_GetApplicationObInst
FN_GetDataStoreHWNDUsage
FN_GetExeInstance
FN_GraphWnd
FN_GroupBoxWnd
FN_HScrollBarWnd
FN_HelpWnd
FN_Init
FN_LibraryEntryList
FN_ListBoxWnd
FN_ListViewCompare
FN_ListViewCompare2
FN_ListViewDeleteItem
FN_ListViewGetDispInfo
FN_ListViewWnd
FN_LookupEventDecl
FN_MDIClientWnd
FN_MailIsAvailable
FN_MailWithAttachment
FN_MenuBarCreate
FN_MinimumVersion
FN_MultiLineEditWnd
FN_OleControlWnd
FN_OpenTrace
FN_OwnerDraw
FN_OwnerInit
FN_PictureWnd
FN_PipelineNotify
FN_PluginPollLoop
FN_PluginStart
FN_PluginStop
FN_PostedRoutine
FN_RadioButtonWnd
FN_ResCreateBitmap
FN_ResCreateBitmap3D
FN_ResCreateBitmapFromIcon
FN_ResDestroy
FN_ResGetBitmapID
FN_ResGetBitmapName
FN_ResGetBitmapTable
FN_ResGetColor
FN_ResGetCursorID
FN_ResGetCursorTable
FN_ResGetIconID
FN_ResGetIconTable
FN_RichTextEditWnd
FN_RtActive
FN_RtActiveWnd
FN_RtBroadcast
FN_RtHandle
FN_RtMenuInfo
FN_RtRespCnt
FN_RtSuspend
FN_RtSuspended
FN_RtTerminate
FN_RtWndAccel
FN_RtWndInfo
FN_RtWndMenu
FN_RtWndMenuSelect
FN_RtWndProp
FN_RunApplication
FN_RunExecutable
FN_RunExecutableEx
FN_RunForm
FN_RunHelperApp
FN_RunMessageLoop
FN_RunSetHelperWindow
FN_RunWindow
FN_RuntimeCreate

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 63B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 216KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbe06459abbb1d845c350bfe00379c91

Headers

File Characteristics

Imports

pbvm90

kernel32

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 9KB - Virtual size: 10KB

.rsrc Size: 18KB - Virtual size:

5ac7bd8bd2329c75810d90015b3f811f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.buildid Size: 512B - Virtual size: 63B

.data Size: 216KB - Virtual size: 403KB

.eh_fram Size: 156KB - Virtual size: 155KB

.tls Size: 512B - Virtual size: 8B

.reloc Size: 113KB - Virtual size: 113KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 9KB - Virtual size: 10KB

.rsrc
Size: 18KB - Virtual size:

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.buildid
Size: 512B - Virtual size: 63B

.data
Size: 216KB - Virtual size: 403KB

.eh_fram
Size: 156KB - Virtual size: 155KB

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 113KB - Virtual size: 113KB