4b5b012a81c1005efb6cf29a5edfb7325d56c1e4dccbc6eb6321cca4198d34a4

Sharing

Copy URL Twitter E-mail

General

Target

4b5b012a81c1005efb6cf29a5edfb7325d56c1e4dccbc6eb6321cca4198d34a4
Size

65KB
MD5

8a52b897523615572f5dd5e5a10bca82
SHA1

55285c86736123839594236b49f603090e0ef133
SHA256

4b5b012a81c1005efb6cf29a5edfb7325d56c1e4dccbc6eb6321cca4198d34a4
SHA512

a4198c307e2b5709e044d518cd19824add21f2ea0505cf357732c19b8ad986091f7ad8e3f237d9d59fb90a534c051c4840e6905e6bc30f1b2030feebc56917d3
SSDEEP

768:27gGWwS1JmzFyzMJP2Pwm6YOl+LvuAdZv:oWBJEYkP2Lt37v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b5b012a81c1005efb6cf29a5edfb7325d56c1e4dccbc6eb6321cca4198d34a4

Files

4b5b012a81c1005efb6cf29a5edfb7325d56c1e4dccbc6eb6321cca4198d34a4
.dll windows:4 windows x86 arch:x86

6b9548e5c6a2fc42df67bb0f03d223a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xppui2

XBPPRINTDIALOG

xbtbase1

NUMTOKEN
TOKEN

ezdll

DEBUG
WHISTLE
DING
DATETOWORDS
PLAYSOUND

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?conNewNil
?symContextInit
__vft19ConNumericIntObject10AtomObject
__vft20ConStringConstObject10AtomObject
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?momSOff
SETAPPFOCUS
?conNewString
?domAssign
?symGetItemConst
?symRefItemConst
?getRFPC
?conMemberToItem
?domSub
?domGetElem
?symPrivateConst
?retStackItem
LEN
?retStackValue
?conSendItem
?domValLECmp
ACREATE
GRALINE
LEFT
?setCWArea
DBSEEK
?restWArea
?getRFCC
EMPTY
?domNot
TRANSFORM
?domAdd
?domValLCmp
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
?passParameter
ARRAY
?domValEql
DATE
STR
LTRIM
?domEql
ALLTRIM
GRAQUERYTEXTBOX
?orShortCut
?domOr
?domRefElem
?domSubEqu
GRAPOS
GRASTRINGAT
?domSubStr
?andShortCut
?domAnd
DBSELECTAREA
DTOS
SUBSTR
VAL
AADD
?pushDynamicCodeBlock
ASORT
?domValSubStr
TRIM
?domGCmp
?domLECmp
?domLCmp
?domValXEql
XBPPRINTER
?retNil
XBPBITMAP
FILE
?domAddEqu
XBPPRESSPACE
XBPFONT
?conAssignRefWMember
__vft21ConNumericFloatObject10AtomObject
__vft14ConLogicObject10AtomObject
_osiDllRemove
_osiDllInsert
__This_DLL_needs_version_1_82_0
SETAPPWINDOW
PCOUNT
?domValGCmp
VALTYPE
?domNEql
ASCAN
MIN
MAX
?domMul
?domValNEql
?domGECmp
INT

Exports

Exports

WORKSHEET

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b9548e5c6a2fc42df67bb0f03d223a2

Headers

File Characteristics

Imports

xppui2

xbtbase1

ezdll

xpprt1

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 53KB

.data Size: 3KB - Virtual size: 3KB

.xpp Size: 1024B - Virtual size: 590B

.edata Size: 512B - Virtual size: 80B

.idata Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 54KB - Virtual size: 53KB

.data
Size: 3KB - Virtual size: 3KB

.xpp
Size: 1024B - Virtual size: 590B

.edata
Size: 512B - Virtual size: 80B

.idata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB