79f738fb740a2cb13f98f0452a68288c688f87d49982e7272481db247566b1ca

Sharing

Copy URL Twitter E-mail

General

Target

79f738fb740a2cb13f98f0452a68288c688f87d49982e7272481db247566b1ca
Size

157KB
MD5

c5ed702e02b1a86b43e70de324555156
SHA1

82029635fe4243070118c8a56cb8f543e929e3b8
SHA256

79f738fb740a2cb13f98f0452a68288c688f87d49982e7272481db247566b1ca
SHA512

f279cc143813b4a8bc6343dc77336847c67b42fc435cee7f13290019735482d065fd30ffdf99c19172bdb4b64dcbd038f0e039054c75b11394b1c14a3d89955b
SSDEEP

1536:O7QPWw8pEKuzxOST64SfY6dN7O0jBIoCgnem4vIoizVi:OQPUpSzT64SfY6dNKTvBWQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79f738fb740a2cb13f98f0452a68288c688f87d49982e7272481db247566b1ca

Files

79f738fb740a2cb13f98f0452a68288c688f87d49982e7272481db247566b1ca
.exe windows:4 windows x86 arch:x86

58f188dec0f5fc2d0b255df526709178

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

sigidpub

R_INITPDR
M_XWAIT
M_ZAPISZSOKTHR
M_SETFONTCOMPOUNDNAME
M_USTAWKURSOR
M_VER_APLIK
L_USE
L_CLOSEDBF
M_BOXCR
CSOK_EXPORT
FW_SHUSE
R_RUNHINT

sigidnet

R_GETMAC

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?symContextInit
?retNil
?conNRelease
?frameExit
?ehUnwind
__vft19ConNumericIntObject10AtomObject
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?passParameter
?symPrivateConst
?domAssign
?momSOff
SET
?retStackValue
SETLOCALE
?symRefItemConst
ACREATE
?getRFPC
?domRefElem
APPDESKTOP
?conSendItem
?domDiv
SETAPPWINDOW
?symPublicConst
?conAssignRefWMember
SETAPPFOCUS
?domValXEql
?conMemberToItem
TYPE
_SYMLOAD
_SYMSAVE
?conNReleaseL
__vft14ConLogicObject10AtomObject
__vft20ConStringConstObject10AtomObject
__vft14ConStringShort10AtomObject
?nomClassLock
?nomTryFindRegisteredClass
?retObject
?nomClassUnlock
?conNewNil
?conGetClass
?nomCreateClass
?nomDefineVar
?nomDefineMethod
?nomEndClassDefinition
?nomRegisterClass
?nomCallInitClass
?conRelease
?conGetSelfClass
?retStackItem
?conNewCon
?pushCodeBlock
POSTAPPEVENT
?domGetElem
_KEYBOARD
?domNot
APPEVENT
?domXEql
?andShortCut
?domAnd
EMPTY
SETCANCEL
UPPER
NATIONMSG
?domAdd
?domGECmp
?domLCmp
XBPFONT
FILE
DLLLOAD
SUBSTR
DBSELECTAREA
EOF
BOF
?getRFCC
?domSubStr
CHR
MSGBOX
?orShortCut
?domOr
?domMul
LEN
DATE
YEAR
?domValLCmp
SELECT
ALLTRIM
DBCLOSEAREA
OS
GETENV
CONVTOOEMCP
SPACE
TRIM
LOADRESOURCE
LEFT
_EARLYBOUNDCODEBLOCK
DBLOCATE
FOUND
AINS
EVAL
AADD
AEVAL
DLLCALL
DLLUNLOAD
BIN2U
?domSub
?domValGCmp
ACLONE
ARRAY
DBELOAD
ALERT
DBEBUILD
DBESETDEFAULT
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_2_00_0
___xpprt1Version

xppsys

GRAMAKERGBCOLOR
APPEXIT
ERRORSYS

xppdui

XBPSTATIC
XBPDIALOG

xppdbgc

__XPPdbgClient

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 512B - Virtual size: 438B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58f188dec0f5fc2d0b255df526709178

Headers

File Characteristics

Imports

sigidpub

sigidnet

xpprt1

xppsys

xppdui

xppdbgc

Sections

.text Size: 89KB - Virtual size: 88KB

.data Size: 15KB - Virtual size: 14KB

.xpp Size: 512B - Virtual size: 438B

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 89KB - Virtual size: 88KB

.data
Size: 15KB - Virtual size: 14KB

.xpp
Size: 512B - Virtual size: 438B

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 5KB - Virtual size: 5KB