9a4848bc714a6bde512a1a492d787e72e7d8a1151f6dfeb9a1086c4508625013

Sharing

Copy URL Twitter E-mail

General

Target

9a4848bc714a6bde512a1a492d787e72e7d8a1151f6dfeb9a1086c4508625013
Size

16KB
MD5

570101309ed9bdb7b4ebd0b107cb0d3e
SHA1

a1904ad245b9ec5af2efafb50c79b617faeab998
SHA256

9a4848bc714a6bde512a1a492d787e72e7d8a1151f6dfeb9a1086c4508625013
SHA512

1dfcf60b2fbbd5596af0cc57fca60b02952a7859b4c289a6abfc2805c32bbf29f45c82236d7848e9693961d55a8270095b7162f664e09deb17a354d3c63b67ab
SSDEEP

384:mErFis8q0hXGWfjskyMEiqERjGVaFIYAXKtWMmlEJ8:TpisvyXGWIkyMEiqYuYSKtWMmK8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a4848bc714a6bde512a1a492d787e72e7d8a1151f6dfeb9a1086c4508625013

Files

9a4848bc714a6bde512a1a492d787e72e7d8a1151f6dfeb9a1086c4508625013
.exe windows:4 windows x86 arch:x86

0ac128656d6122cf11955a19b7845dd5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\SATTBII\lc32\lpm1\satlpm1.pdb

Imports

qtcore4

??0QString@@QAE@XZ
?toLocal8Bit@QString@@QBE?AVQByteArray@@XZ
?fromLocal8Bit@QString@@SA?AV1@PBDH@Z
??1QByteArray@@QAE@XZ
??8QString@@QBE_NABV0@@Z
?toUpper@QString@@QBE?AV1@XZ
??4QString@@QAEAAV0@ABV0@@Z
??1QString@@QAE@XZ
?fromAscii_helper@QString@@CAPAUData@1@PBDH@Z
?sprintf@QString@@QAAAAV1@PBDZZ
?utf16@QString@@QBEPBGXZ
??9QString@@QBE_NPBD@Z
??YQString@@QAEAAV0@PBD@Z
?append@QString@@QAEAAV1@ABV1@@Z
??4QString@@QAEAAV0@PBD@Z

ole32

CoUninitialize
CoCreateInstance
CoInitialize

satzos

??0ZOSXFATL@@QAE@ABV0@@Z
??1ZOSXFATL@@UAE@XZ
??0ZOSXFATL@@QAE@JABVQString@@HV1@@Z
?GetVarVolatile@ZOSENV@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z
?GetVar@ZOSENV@@SAFABVQString@@AAV2@W4ZOSENV_EDCONTEXT@@@Z
?ZosEnv_CnStLc32Ver5_2@@3VQString@@B
?ZosEnv_CnStLc32Ver5_1@@3VQString@@B
?ZosEnv_CnStLc32Ver5_0@@3VQString@@B
?GetVarDb@ZOSENV@@SAFABVQString@@AAV2@@Z
??1ZOSQUEUE@@UAE@XZ
?Receive@ZOSQUEUE@@QAEXPAEHPAHH@Z
?Init@ZOSQUEUE@@QAEFABVQString@@HHW4ZOS_EDQUESCOPE@@H@Z
?Zos_CnWaitInfinite@@3HB
??0ZOSQUEUE@@QAE@_N@Z
?Reset@ZOSEVSEM@@QAEXXZ
?Kill@ZOSPRCSS@@QAEXXZ
??0ZOSPRCSS@@QAE@PAX@Z
?GetHandlesForName@ZOSPRCSS@@SAFABVQString@@PAPAXPAH_N@Z
??1ZOSGTHRD@@UAE@XZ
??1ZOSEVSEM@@UAE@XZ
?Wait@ZOSEVSEM@@QAEFJ@Z
?Run@ZOSGTHRD@@UAEXH@Z
??0ZOSGTHRD@@QAE@ABVQString@@P6AXPAX@ZQBXPAVGwCore@@@Z
?Sleep@ZOSTHRD@@SAXK@Z
?SetVar@ZOSENV@@SAFABVQString@@0W4ZOSENV_EDCONTEXT@@@Z
?ZosEnv_CnStLc32Ver3_5@@3VQString@@B
??1ZOSPRCSS@@UAE@XZ
?Run@ZOSPRCSS@@QAEHW4ZOSPRCSS_EDTYPE@@_NW4ZOSPRCSS_EDVISIBLE@@PA_N11@Z
??0ZOSPRCSS@@QAE@ABVQString@@0HPAHW4ZOSPRCSS_EDNAMESPEC@@@Z
?IsLc32Installed@ZOSENV@@SAFW4ZOSENV_EDLC32EDITION@@ABVQString@@HPA_NK@Z
?IsTerminalServerEnabled@ZOSUTILS@@SA_NXZ
?Send@ZOSEVSEM@@QAEXXZ
?ZosEnv_CnStLc32Ver4_2@@3VQString@@B
?ZosEnv_CnStLc32Ver4_0@@3VQString@@B
?ZosEnv_CnStLc32Ver4_1@@3VQString@@B
??0ZOSEVSEM@@QAE@ABVQString@@@Z
?DoCExptionReport@ZOSXFATL@@SAXHABVQString@@@Z
?Report@ZOSXFATL@@QAEXXZ
??1ZOSCLASS@@UAE@XZ
??1ZOSSHMAR@@UAE@XZ
?StartLoop@ZOSWIN@@SAXP6AXPAX@ZQBX0@Z
?FreePtr@ZOSSHMAR@@QAEXXZ
?GetPtr@ZOSSHMAR@@QAEPAEW4ZOS_EDAREAFLAG@@@Z
??0ZOSSHMAR@@QAE@HJ@Z
?SetVarVolatile@ZOSENV@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?SetDbCodePage@ZOSUTILS@@SAXH@Z
??0ZOSCLASS@@QAE@ABVQString@@PAVZOSWTCBS@@H@Z

msvcp71

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

msvcr71

_exit
__CxxFrameHandler
_CxxThrowException
_putenv
strtol
strlen
??3@YAXPAX@Z
_controlfp
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
??1type_info@@UAE@XZ
_c_exit
_onexit
__dllonexit
_except_handler3
__security_error_handler
getenv

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetModuleHandleA
ExitProcess
SetErrorMode
SetUnhandledExceptionFilter

Exports

Exports

??0LPD_SDCOMSERVER_NLSLANG@@QAE@XZ
??4LPD_SDCOMSERVER_NLSLANG@@QAEAAU0@ABU0@@Z

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0ac128656d6122cf11955a19b7845dd5

Headers

File Characteristics

PDB Paths

Imports

qtcore4

ole32

satzos

msvcp71

msvcr71

kernel32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 196B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 196B