ea4f630103a710e07cae48a3e790458a2cceb408c4c115b45aa37d6b0a562118

Sharing

Copy URL Twitter E-mail

General

Target

ea4f630103a710e07cae48a3e790458a2cceb408c4c115b45aa37d6b0a562118
Size

180KB
MD5

fda18b6eeba22409573071406df64ccc
SHA1

04716e86a46e459baf11489c6ae3518bc82209d9
SHA256

ea4f630103a710e07cae48a3e790458a2cceb408c4c115b45aa37d6b0a562118
SHA512

7920e64c3d1d168f0d5bd415e3b779f6869ffca7cc389c56e47105b58e913442799a91bf6cd1cb85c5ecd6ffd8242a6c77796d2d776cd24978f2529fd58b4611
SSDEEP

1536:O8PbyvCWt5JqPC920ULUl2c62R7uezHwTfkZqjG0fgArnYxon7gKasfgZh2PMoIy:7P+vHZNLuDI7rzHv05DYxon7grOMoIy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea4f630103a710e07cae48a3e790458a2cceb408c4c115b45aa37d6b0a562118

Files

ea4f630103a710e07cae48a3e790458a2cceb408c4c115b45aa37d6b0a562118
.dll windows:4 windows x86 arch:x86

92b98390275f27ba04679db8c5733dee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

sync20

SyncYieldCycles

hslog20

ord52

ocpprogressbar

?DestroyProgress@@YAXXZ
?ShowProgress@@YAXHHPAD@Z
?SetPosition@@YAXH@Z

kernel32

GetPrivateProfileIntA
CompareStringA
LoadLibraryA
OpenFile
FreeLibrary
QueryPerformanceFrequency
GetProcAddress
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLastError
Sleep
LCMapStringW
LCMapStringA
CompareStringW
SetEnvironmentVariableA
QueryPerformanceCounter
TlsFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
RaiseException
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
HeapFree
CloseHandle
FlushFileBuffers
WriteFile
DeleteCriticalSection
ExitProcess
GetModuleHandleA
WideCharToMultiByte
TlsAlloc
SetLastError
TlsGetValue
SetUnhandledExceptionFilter
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
CreateFileA
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetStdHandle
SetFilePointer
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
ReadFile
MultiByteToWideChar
GetStringTypeA
GetStringTypeW

user32

MessageBoxA
wvsprintfA
LoadStringA
wsprintfA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

DeletePCRecIDListFromMapInfo
GetMatchingPCRecIDEntriesFromMapInfo
KeepHandheldConnectionAlive
RegisterDesktopPostSyncProcess
SyncMain

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92b98390275f27ba04679db8c5733dee

Headers

File Characteristics

Imports

sync20

hslog20

ocpprogressbar

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 44KB - Virtual size: 49KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 44KB - Virtual size: 49KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 9KB