fc6d99aada1e610eca29eca7428255c29e15ad00ea664a52cf72379f082c56a4

Sharing

Copy URL Twitter E-mail

General

Target

fc6d99aada1e610eca29eca7428255c29e15ad00ea664a52cf72379f082c56a4
Size

111KB
MD5

03b9174b9cde97bf60ad1f9b20f16551
SHA1

fd1ba774eac3b7067ab6d829f4e990d9f04d9010
SHA256

fc6d99aada1e610eca29eca7428255c29e15ad00ea664a52cf72379f082c56a4
SHA512

7f7ac5cddc3e831f0693366eed6f38cdcc5599fe217476c3a6f6816ffde0baff705564fb6ec4ab4fed1c1d00158896b13a331901c12770202e829381c4bea928
SSDEEP

768:5n6gVCd297Q2OIn+BWzc8bk/KO0EJXCKkeRKLo3bfkvzU8IjbS9vtn2okmGuWrC4:I252I3BbkUGXCFasokvzUCjOluuCUn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc6d99aada1e610eca29eca7428255c29e15ad00ea664a52cf72379f082c56a4

Files

fc6d99aada1e610eca29eca7428255c29e15ad00ea664a52cf72379f082c56a4
.exe windows:4 windows x86 arch:x86

056744c88131d1e5d06ee1b8ffe82e8d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

asinet1c

SOCKETOPEN
SOCKETSEND
SOCKETRECV
SOCKETCLOSE

dclipx

DC_GETTEMPLATE
DC_GETLISTSET
DC_GETANCHORCB
DC_BROWPRES
DC_LOGICTEST
DC_READGUI
DC_SETSCOPE
DC_DBEVAL
DC_WINALERT
DC_XTOC

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?symContextInit
?retNil
?conNRelease
?frameExit
?ehUnwind
?conNewNil
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?passParameter
?conNNewNil
?momSOff
ACREATE
VALTYPE
?domXEql
?orShortCut
?domOr
?retStackValue
?domAssign
?symPublicConst
SPACE
?pushCodeBlock
AADD
?symRefItemConst
?symGetItemConst
LEN
__vft19ConNumericIntObject10AtomObject
EVAL
PROCNAME
PROCLINE
?domPostInc
VERSION
?conNReleaseL
?conNewCon
?domValXEql
ASIZE
?conSendItem
__vft20ConStringConstObject10AtomObject
SET
__vft14ConLogicObject10AtomObject
DBUSEAREA
ORDLISTADD
ORDSETFOCUS
TRIM
DBCLOSEALL
?domGetElem
DBGOTO
?domEql
?andShortCut
?domAnd
?retStackItem
?conRelease
?domValNEql
LTRIM
?domAdd
ALLTRIM
VAR2BIN
U2BIN
SUBSTR
CHR
?domNEql
?domGCmp
STR
BIN2U
?domLECmp
?domAddEqu
FCREATE
FWRITE
FCLOSE
BIN2VAR
ARRAY
?domRefElem
?getRFCC
__vft21ConNumericFloatObject10AtomObject
__vft14ConStringShort10AtomObject
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_70_0
___xpprt1Version
FIELDPOS
?conNewString
?domSubStr
?domNot
?executeMacro
SELECT
DBSELECTAREA
BREAK
?pushDynamicCodeBlock
ERRORBLOCK
?ehUnsetContext
?ehGetBreakContainer
PCOUNT
FCOUNT
EMPTY
ASCAN
FIELDGET
AEVAL
FIELDPUT
WORKSPACELIST
?setSWArea
DBCOMMIT
?restWArea
DBCLOSEAREA
DBRROLLBACK
?conMemberToItem
DBSESSION
ISFUNCTION
?conAssignRefWMember
APPTYPE
SETAPPWINDOW
ROW
COL
ALERT
SETPOS
_BREAK
ERRORLEVEL
_QUIT
?domInc
?floadTos
STRTRAN
CONFIRMBOX
?domValGCmp
ROOTCRT
PADL
TONE
QOUT
OUTERR
MSGBOX
REPLICATE
APPNAME
DATE
TIME
OS
VAR2CHAR
QQOUT
MLCOUNT
MEMOLINE

xppdbgc

__XPPdbgClient

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 1024B - Virtual size: 807B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

056744c88131d1e5d06ee1b8ffe82e8d

Headers

File Characteristics

Imports

asinet1c

dclipx

xpprt1

xppdbgc

Sections

.text Size: 88KB - Virtual size: 87KB

.data Size: 11KB - Virtual size: 11KB

.xpp Size: 1024B - Virtual size: 807B

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 88KB - Virtual size: 87KB

.data
Size: 11KB - Virtual size: 11KB

.xpp
Size: 1024B - Virtual size: 807B

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB