280f6f67e2559ade9a951e845793373e8ad0829153b066e7b0aeae796ced2d63

Sharing

Copy URL

Twitter E-mail

General

Target

280f6f67e2559ade9a951e845793373e8ad0829153b066e7b0aeae796ced2d63
Size

1.5MB
MD5

a598ae15cbfe9ddd843d0ae94bd83bc4
SHA1

7c4beab08c9076f5d028ffbe9cbe8cd5d2efed24
SHA256

280f6f67e2559ade9a951e845793373e8ad0829153b066e7b0aeae796ced2d63
SHA512

7d343e72bca07f019a6ff3d70e353d5a4ca0ba68dbeb7250e2cd2eb599e1316ed459dab5c68aa3241a9bb4c126d98554b027f600af9c9f691c0507b83b7c63aa
SSDEEP

12288:cJz+I8WCoHx1VbewS2kteoVLr8SKC4LllV+ZVEh4ZKrpjfCAAAAAAAAxPex7K:cfLCoHx1VczLr8SMhtj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
280f6f67e2559ade9a951e845793373e8ad0829153b066e7b0aeae796ced2d63

Files

280f6f67e2559ade9a951e845793373e8ad0829153b066e7b0aeae796ced2d63
.exe windows:1 windows x86 arch:x86

6eb1d1430892fb4838973392a09467df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

c5runx

Cla$ACCEPTED
Cla$ADDqueue
Cla$ADDqueuekey
Cla$BEEP
Cla$BindG
Cla$CLEAR
Cla$clearstr
Cla$ClearType
Cla$CLOCK
Cla$CLOSEwindow
Cla$code
Cla$COMMAND
Cla$DecAdd
Cla$DecDistinct
Cla$DecSub
Cla$DELETEqueue
Cla$DInt
Cla$DISABLE
Cla$DISPLAY
Cla$DPopLong
Cla$DPopReal
Cla$DPushLong
Cla$DStack2Stack
Cla$EndEventLoop
Cla$EndEventLoops
Cla$ERRCODE
Cla$EVENT
Cla$FIELD
Cla$FileExists
Cla$FREEqueue
Cla$FreeUfo
Cla$freewindow
Cla$GetPropS
Cla$GETqueuekey
Cla$Group2Ufo
Cla$init
Cla$KEYCODE
Cla$Locale
Cla$Mem2Ufo
Cla$OPENwindow
Cla$paopen
Cla$PopBind
Cla$PopCString
Cla$PopReal
Cla$POST
Cla$PushBind2
Cla$PushCString
Cla$PushLong
Cla$PushPictLong
Cla$PushReal
Cla$PushString
Cla$pwopen
Cla$RemoveFile
Cla$RUN
Cla$SELECT
Cla$SET3DLOOK
Cla$SETCURSOR
Cla$SETKEYCODE
Cla$SETPATH
Cla$SetPropS
Cla$SetPropV
Cla$SHORTPATH
Cla$Stack2DStack
Cla$StackCLIP
Cla$StackCompare
Cla$StackCompareN
Cla$StackConcat
Cla$StackConcatR
Cla$StackErrstr
Cla$StackRIGHT
Cla$StackRotate
Cla$START
Cla$START2
Cla$StartEventLoop
Cla$StashBP
Cla$storecstr
Cla$storestr
Cla$THREAD
Wsl$CloseDown
_exit
_free
_longjmp
_malloc
_setjmp
__checkversion
__sysinit

cdncmn32

$APPFRAMEHEIGHT
$APPFRAMEWIDTH
$APPLICATIONID
$APPREGISTRYROOT
$GLOBALREQUEST
$GLOBALRESPONSE
$GLOBALTHREADS
$GT:ACTIVETHREAD
$GXLSTART
$G_OTWARTEOKNOCDNERR
$G_WSP_QBANPROCEDURE
$LOKALNA_FIRMA
$LOKALNY_KATALOG
$LSUBCLASSUJ
$ODICTIONARY
$OGE
CDNDIRDIALOG@FSBRSCL
CDNERR@FOULOSBOSBOSBOSB
GETFROMREGISTRY@FSBSBUL
GETXLAPIACTIVE@F
GPFPROTECTOR@F
SUBCLASSCONTROLS@F14T_QIDKONTROLEK
SUBCLASSFRAMEXL@FLUC
TCB$GLOBALTHREADS
TCB$G_WSP_QBANPROCEDURE
TODAY@F
USTAWPRACENAJEDNYMRDZENIU@F
XLCHECKOPEN@FSBBFRLLOUCOUC
XLGETCONTROLHANDLE@FLUC

cdn_adm

STRUKTURAFIRMY@F

cdn_anl

ANNLISTA@F
ANRLISTA@F

cdn_call

CLBKLISTA_CALL@F
DEFINICJEDOKUMENTOW_CALL@F
DODAJZAKAZKONTEKSTOWY_CALL@F
INBOX_CALL@F
KATEGORIELISTA_CALL@F
KONFIGURACJA_CALL@F
OPISLISTA_CALL@F
PRCLISTA_CALL@F
SKASUJUSTAWIENIAOKIEN_CALL@F
STRUKTURAPROJEKTOW_CALL@F
TERMINARZ_CALL@F
USTAWIENIAUZYTKOWNIKA_CALL@F
WFLOKNOPRZYPOMNIENIA_CALL@F
WMRLISTA_CALL@F
WYBIERZOKRES_CALL@F

cdn_clbk

CALLBACKAFTERWINDOWOPENING@FL
CALLBACKEVENTS@FL
CALLBACKEVENTSAFTERHANDLING@FL
CALLBACKONEXIT@FL
CALLBACKONINIT@FL
CALLBACKONRETURN@FL
CALLBACKSETCONTROLIDS@FL14T_QIDKONTROLEK

cdn_cls

AFTERWINDOWCLOSING@F21CDNWINDOWMANAGERCLASS
AFTERWINDOWOPENING@F21CDNWINDOWMANAGERCLASS
BEFOREWINDOWCLOSING@F21CDNWINDOWMANAGERCLASS
BEFOREWINDOWOPENING@F21CDNWINDOWMANAGERCLASS
CANCELWINDOW@F21CDNWINDOWMANAGERCLASSL
CLOSEWINDOW@F21CDNWINDOWMANAGERCLASSL
CONSTRUCT@F14SYSTEMLOGCLASS
CONSTRUCT@F21CDNWINDOWMANAGERCLASS
CONSTRUCT@F21PROCEDUREMANAGERCLASS
DESTRUCT@F14SYSTEMLOGCLASS
DESTRUCT@F21CDNWINDOWMANAGERCLASS
DESTRUCT@F21PROCEDUREMANAGERCLASS
HANDLEEVENT@F21CDNWINDOWMANAGERCLASS
HYDRADODAJKONTROLKEDOKOLEJKI@F14T_QIDKONTROLEKLSB
INICJALIZACJA@F21PROCEDUREMANAGERCLASS
INIT@F21CDNWINDOWMANAGERCLASS
INITFM@F22DICTIONARYMANAGERCLASS
KILL@F21CDNWINDOWMANAGERCLASS
PODAJPROCEDURAID@F21PROCEDUREMANAGERCLASS
POKAZPOMOC@FSBSB
POSTHANDLEEVENT@F21CDNWINDOWMANAGERCLASSL
PREHANDLEEVENT@F21CDNWINDOWMANAGERCLASS
PROCEDURESETUP@F21CDNWINDOWMANAGERCLASS
REFRESHWINDOW@F21CDNWINDOWMANAGERCLASSL
RESTOREWINDOWPOS@F21CDNWINDOWMANAGERCLASS
SAVEWINDOWPOS@F21CDNWINDOWMANAGERCLASS
SENDEVENT@F21CDNWINDOWMANAGERCLASS
SETALERTS@F21CDNWINDOWMANAGERCLASS
SETWINDOWMINMAXSIZE@F21CDNWINDOWMANAGERCLASS
TAKEEVENT@F21CDNWINDOWMANAGERCLASS
TYPE$SYSTEMLOGCLASS
USTAWINFOPROCEDURY@F21PROCEDUREMANAGERCLASSSB
VMT$SYSTEMLOGCLASS
ZAKONCZENIE@F21PROCEDUREMANAGERCLASS

cdn_fm

INIT_FM@F

cdn_glb1

$Grupa_konfiguracji
$g_hasp_gDaneKlucza
$OPEKARTY
$OPEKARTY::USED
OPEKARTY$OPE:RECORD
OPEKARTY$TYPE$OPE:RECORD

cdn_kflt

INIT_KFLT@F

cdn_konf

SESLISTA@F

cdn_proc

CDNABOUT@FOL
INICJALIZACJA_SYSTEMU@FOL
INICJUJSESJE@FL
OKNOOFERTACOMARCHERP@FL
PODAJCENTRUMNAZWA@FL
PODAJOPEIDENT@FSBOL
ZAMKNIECIE_SYSTEMU@F
ZMIANAKONTEKSTUOPERATORA@F
ZMIANAOPERATORA@F
ZMIEN_HASLO@F

cdn_rozw

ZWNLISTA@F

cdn_scls

SPRAWDZLICENCJE@F23XLPROCEDUREMANAGERCLASS
SPRAWDZPRAWA@F23XLPROCEDUREMANAGERCLASS
THROW@F17ERRORMANAGERCLASSLSBOSBOSBOSB

cdn_tool

KLUCZSPRZETOWY_PODAJNAZWEMODULU@FL
POBIERZWERSJEPROGRAMU@FRURUPU
SYSTEMTIMERHANDLER@F
USTALTAPETE@FRSCRUCRUC
USTAWDATESYSTEMOWA@F
WYWOLAJURL@FUCLSB

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 672B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6eb1d1430892fb4838973392a09467df

Headers

File Characteristics

Imports

c5runx

cdncmn32

cdn_adm

cdn_anl

cdn_call

cdn_clbk

cdn_cls

cdn_fm

cdn_glb1

cdn_kflt

cdn_konf

cdn_proc

cdn_rozw

cdn_scls

cdn_tool

Sections

.text Size: 22KB - Virtual size: 22KB

.bss Size: - Virtual size: 672B

.data Size: 7KB - Virtual size: 6KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 22KB - Virtual size: 22KB

.bss
Size: - Virtual size: 672B

.data
Size: 7KB - Virtual size: 6KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 4KB - Virtual size: 3KB