869ff31794850415eed44632eb362026276cc8203a5742cceae7ce0a659f91e8

Sharing

Copy URL Twitter E-mail

General

Target

869ff31794850415eed44632eb362026276cc8203a5742cceae7ce0a659f91e8
Size

32KB
MD5

19c838eb3b3163ea2b2dcc19a2d06f52
SHA1

6b784b238adeb4734c2b5e52a2b9709a5f9187fa
SHA256

869ff31794850415eed44632eb362026276cc8203a5742cceae7ce0a659f91e8
SHA512

b14b06db8b4789969cfc00073f004c07ee2a3c42ff86ebe7e3217555b94b4ae8e4499594457f85be2a5ca817e01c6e1ec8739456249f6934fe165befd0b125bd
SSDEEP

384:orHxyNyslzmW8enfdCXNGMvnkIIILK1Ucrg0uTZAC:oVyNzlzmW8efQXNN/RIrrg0vC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
869ff31794850415eed44632eb362026276cc8203a5742cceae7ce0a659f91e8

Files

869ff31794850415eed44632eb362026276cc8203a5742cceae7ce0a659f91e8
.dll windows:4 windows x86 arch:x86

92cfeff08e8640fbb985f5bbc1813f65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Cvsroot\FastStudio\V7pre\RuntimeComponents\updb\RTREBaseu.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryW
EnterCriticalSection
SetThreadPriority
CreateThread
CreateEventW
CloseHandle
LeaveCriticalSection
SetEvent
HeapAlloc
GetProcessHeap
HeapFree
Sleep
ResetEvent
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
ExitProcess
DisableThreadLibraryCalls

dialogsu

?wPrintf@@YAXIIPBGZZ

gbtoolsu

?Enter@CCritSec@@QAEXPADK0@Z
?InsertEntry@CList@@QAEKKPAX@Z
?StopWatch@@YGNKK@Z
??1CLock@@QAE@XZ
?AppendEntry@CList@@QAEKPAX@Z
?GetNrOfEntries@CList@@QAEKXZ
?GetEntry@CList@@QAEPAXK@Z
?Leave@CCritSec@@QAEXPADK0@Z
?DelEntry@CList@@QAEKK@Z
??0CList@@QAE@KK@Z
??0CCritSec@@QAE@XZ
??1CList@@QAE@XZ
??1CCritSec@@QAE@XZ
??0CLock@@QAE@AAVCCritSec@@PADK1@Z

rmtoolsu

??0CEngine_RM2RE@@QAE@XZ
??4CEngine_RM2RE@@QAEAAV0@ABV0@@Z
??0CEngine_RM2RE@@QAE@ABV0@@Z

msvcr71

wcscat
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
__security_error_handler
?terminate@@YAXXZ
wcsncpy
memcpy
__CxxFrameHandler
??3@YAXPAX@Z
_except_handler3
_local_unwind2

Exports

Exports

??0CRTREBase@@QAE@ABV0@@Z
??0CRTREBase@@QAE@PAVCRE2RTRM@@@Z
??1CRTREBase@@UAE@XZ
??4CRTREBase@@QAEAAV0@ABV0@@Z
??_7CRTREBase@@6B@
?AddUPN@CRTREBase@@UAEKPAUtagUPNHead@@@Z
?CanHandle@CRTREBase@@UAEKPAUtagUPNHead@@PAK@Z
?Destroy@CRTREBase@@UAEXXZ
?GetSet@CRTREBase@@UAEKKKKKPAXK@Z
?KillUPNs@CRTREBase@@UAEKKKK@Z
?Pause@CRTREBase@@UAEKK@Z
?RM_GetSet@CRTREBase@@UAEKKKKKPAXK@Z
?RM_Notify@CRTREBase@@UAEKKKK@Z
?RTRE_Abort@CRTREBase@@UAEKXZ
?RTRE_CanHandle@CRTREBase@@UAEKPAUtagUPNHead@@PAK@Z
?RTRE_GetSet@CRTREBase@@UAEKKKKKPAXK@Z
?RTRE_Pause@CRTREBase@@UAEKXZ
?RTRE_ProcessUPN@CRTREBase@@UAEKPAUtagUPNHead@@@Z
?RTRE_QueuedUPN@CRTREBase@@UAEKPAUtagUPNHead@@H@Z
?RTRE_Resume@CRTREBase@@UAEKXZ
?RenderThread@CRTREBase@@QAEXXZ
?Resume@CRTREBase@@UAEKK@Z

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92cfeff08e8640fbb985f5bbc1813f65

Headers

File Characteristics

PDB Paths

Imports

kernel32

dialogsu

gbtoolsu

rmtoolsu

msvcr71

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 92B

.reloc Size: 1024B - Virtual size: 1004B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 1024B - Virtual size: 1004B