a41445d8eb12446ded7d3a565dd183f1a6f6a5382f43c7714825312b6cf8127b

Sharing

Copy URL Twitter E-mail

General

Target

a41445d8eb12446ded7d3a565dd183f1a6f6a5382f43c7714825312b6cf8127b
Size

151KB
MD5

0e38ba111bba0a3825ea07fadd368186
SHA1

ad334f96ecace97ac466c98943430152db98bae6
SHA256

a41445d8eb12446ded7d3a565dd183f1a6f6a5382f43c7714825312b6cf8127b
SHA512

4232a71364e92e59642b0505e38234e871213794cbbd4221731a86518c83560b2beaffc01455972a554b0f9d2dfaa1cc8af883fefbbdf428d59dc735c0441725
SSDEEP

1536:4BppTgGrCm4aiywAwEA6lelonz3Nl6/MMJUs5RIhiMMszI:4Vt+qi8A61zeMMNxMM6I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a41445d8eb12446ded7d3a565dd183f1a6f6a5382f43c7714825312b6cf8127b

Files

a41445d8eb12446ded7d3a565dd183f1a6f6a5382f43c7714825312b6cf8127b
.exe windows:4 windows x86 arch:x86

feabf265653b7f5c761646d11c42e76a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

bazne

GDE_EXE
DB_PUT
BAZA
RUN_STOP
XC_KVIDI

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?conNewString
?symContextInit
?conNewNil
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?momSOff
ACREATE
?symPublicConst
DATE
SET
?symRefItemConst
?getRFPC
?domAssign
CURDIR
SETAPPWINDOW
?conSendItem
XBPDIALOG
?conAssignRefWMember
?pushCodeBlock
?conMemberToItem
XBPSTATIC
NATIONMSG
?domAdd
XBPPUSHBUTTON
__vft19ConNumericIntObject10AtomObject
POSTAPPEVENT
SETAPPFOCUS
APPEVENT
_KEYBOARD
?retNil
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
?passParameter
_SYMNILPRIVATES
DBCLOSEALL
DBSELECTAREA
_QUIT
?retStackItem
FILE
PCOUNT
CONFIRMBOX
CHR
RUNSHELL
?symPrivateConst
APPNAME
AT
?domSub
SUBSTR
?domValEql
?retStackValue
MSGBOX
?domGetElem
?domDiv
INT
__vft21ConNumericFloatObject10AtomObject
__vft14ConLogicObject10AtomObject
__vft20ConStringConstObject10AtomObject
__vft14ConStringShort10AtomObject
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_70_0
___xpprt1Version
BREAK
?pushDynamicCodeBlock
ERRORBLOCK
WORKSPACELIST
LEN
?setSWArea
DBCOMMIT
?restWArea
DBCLOSEAREA
?ehUnsetContext
?ehGetBreakContainer
?conRelease
DBRROLLBACK
DBELOAD
?domNot
ALERT
DBEBUILD
?domSubStr
?orShortCut
?domOr
?domXEql
?andShortCut
?domAnd
DBSESSION
?domEql
ISFUNCTION
?executeMacro
AADD
EMPTY
STR
LTRIM
APPTYPE
ROW
COL
SETPOS
?domValXEql
_BREAK
ERRORLEVEL
?domInc
PROCNAME
TRIM
PROCLINE
?floadTos
STRTRAN
?domValGCmp
VALTYPE
?domAddEqu
ROOTCRT
PADL
TONE
QOUT
OUTERR
REPLICATE
TIME
VERSION
OS
SPACE
VAR2CHAR
QQOUT
AEVAL
MLCOUNT
MEMOLINE

xppdbgc

__XPPdbgClient

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 1024B - Virtual size: 994B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

feabf265653b7f5c761646d11c42e76a

Headers

File Characteristics

Imports

bazne

xpprt1

xppdbgc

Sections

.text Size: 86KB - Virtual size: 85KB

.data Size: 10KB - Virtual size: 9KB

.xpp Size: 1024B - Virtual size: 994B

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 86KB - Virtual size: 85KB

.data
Size: 10KB - Virtual size: 9KB

.xpp
Size: 1024B - Virtual size: 994B

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 4KB - Virtual size: 4KB