9e1e3270f68f5ad6e62f27cc1a0d09b85a1ddfcedb89da9386ea872ae64d4f3f

Sharing

Copy URL

Twitter E-mail

General

Target

9e1e3270f68f5ad6e62f27cc1a0d09b85a1ddfcedb89da9386ea872ae64d4f3f
Size

121KB
MD5

f411d6075efe59d3fbcb4b730d6366a6
SHA1

bafcbfc1d3ce6eb00c1cce6aea574f85441e2d96
SHA256

9e1e3270f68f5ad6e62f27cc1a0d09b85a1ddfcedb89da9386ea872ae64d4f3f
SHA512

499129aedc8c75c276c569b026985c502c4aa585700675766402057ebe3dbd769e9793108ce2b58295e8c7c4377beb7f9efdff83c6e99ff0524a8ce4918efc71
SSDEEP

1536:3SkApy+K4U9D3plGe64r5zWwCWbHyZfDlBiqgxMxSfB:iHpyDhWwCg2BkJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e1e3270f68f5ad6e62f27cc1a0d09b85a1ddfcedb89da9386ea872ae64d4f3f

Files

9e1e3270f68f5ad6e62f27cc1a0d09b85a1ddfcedb89da9386ea872ae64d4f3f
.exe windows:4 windows x86 arch:x86

379c989a718b582bcf3f30b872a323fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

vdbsee1o

DFS
DFCLOSE
DFUSE

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?conNewNil
?symContextInit
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?passParameter
?momSOff
ARRAY
?domValXEql
?domRefElem
?domAssign
VALTYPE
UPPER
EMPTY
?retStackValue
?retStackItem
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
__vft19ConNumericIntObject10AtomObject
__vft20ConStringConstObject10AtomObject
?conNewCon
ACREATE
DBSTRUCT
LEN
SELECT
?domInc
?domValLECmp
?domGetElem
FIELDPOS
?domSubStr
?domNot
ADEL
?domDec
ATAIL
ASIZE
AT
?domAddEqu
FCREATE
?domValNEql
DBSELECTAREA
BREAK
?pushCodeBlock
ERRORBLOCK
DBEVAL
FCLOSE
?conRelease
DELETED
FIELDGET
ALLTRIM
FIELDINFO
STR
DTOS
?domValLCmp
CHR
FWRITE
DBDELETE
?ehUnsetContext
?ehGetBreakContainer
?retNil
ERROR
?conSendItem
?conAssignRefWMember
EVAL
AADD
?setSWArea
?restWArea
MEMOREAD
?domXEql
DBAPPEND
?andShortCut
LEFT
?domAnd
?domAdd
SUBSTR
STRTRAN
FIELDPUT
VAL
STOD
FSEEK
SPACE
FREAD
__vft14ConLogicObject10AtomObject
RAT
INT
MAX
__vft21ConNumericFloatObject10AtomObject
__vft14ConStringShort10AtomObject
?symPrivateConst
?symRefItemConst
DBUSEAREA
?getRFCC
DBCLOSEAREA
?getRFPC
?domSub
SET
EOF
RIGHT
DBSKIP
?domEql
?setCWArea
?getWFCC
ROUND
STRZERO
REPLICATE
?domValEql
?domMul
DBCOMMIT
?orShortCut
?domOr
FERASE
_COPYFILE
DBCLOSEALL
?conNNewNil
FILE
FOPEN
?getWFPC
?domDiv
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_82_0
___xpprt1Version
APPTYPE
APPDESKTOP
XBPCRT
APPNAME
?conNewString
SETAPPWINDOW
ROOTCRT
?pushDynamicCodeBlock
WORKSPACELIST
DBRROLLBACK
DBELOAD
ALERT
DBEBUILD
?conMemberToItem
DBSESSION
ISFUNCTION
?executeMacro
LTRIM
DOSERRORMESSAGE
ROW
COL
SETPOS
_BREAK
ERRORLEVEL
_QUIT
PROCNAME
TRIM
PROCLINE
?floadTos
CONFIRMBOX
?domValGCmp
PADL
TONE
QOUT
OUTERR
MSGBOX
DATE
TIME
VERSION
OS
VAR2CHAR
QQOUT
AEVAL
MLCOUNT
MEMOLINE
RTRIM

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 1024B - Virtual size: 857B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

379c989a718b582bcf3f30b872a323fd

Headers

File Characteristics

Imports

vdbsee1o

xpprt1

Sections

.text Size: 102KB - Virtual size: 101KB

.data Size: 8KB - Virtual size: 8KB

.xpp Size: 1024B - Virtual size: 857B

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 102KB - Virtual size: 101KB

.data
Size: 8KB - Virtual size: 8KB

.xpp
Size: 1024B - Virtual size: 857B

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 4KB