5d7669b0ef10cc1e4d020cd2ea9cc243f0b0e258449ed9e49ec2ab1b5f195514

Sharing

Copy URL Twitter E-mail

General

Target

5d7669b0ef10cc1e4d020cd2ea9cc243f0b0e258449ed9e49ec2ab1b5f195514
Size

530KB
MD5

57f25cd088681958c8929b150cfa80fd
SHA1

6e91019459d4b4ace09cabfa518346505b1ba144
SHA256

5d7669b0ef10cc1e4d020cd2ea9cc243f0b0e258449ed9e49ec2ab1b5f195514
SHA512

fc7e753bf871024992b060e72d6ffbcde264a88cfed85fa4674c0d870b414b1ceae1e7f62abaef7c6a223682e6fbfd1a96fa120c95f0f35caa5cc32fe09e9b84
SSDEEP

6144:1618edeK5bx052hexVklIbzGFMsJlnDLMcVfbqjVgG6T:16eegkbxWGSzbzGFvTMcVf3G2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d7669b0ef10cc1e4d020cd2ea9cc243f0b0e258449ed9e49ec2ab1b5f195514

Files

5d7669b0ef10cc1e4d020cd2ea9cc243f0b0e258449ed9e49ec2ab1b5f195514
.exe windows:4 windows x86 arch:x86

4d7422a778461e0e2f833d8435283419

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

vcl60.bpl

@Consts@initialization$qqrv
@Consts@Finalization$qqrv
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Stdctrls@initialization$qqrv
@Stdctrls@Finalization$qqrv
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Dialogs@ShowMessage$qqrx17System@AnsiString
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv
@Stdactns@initialization$qqrv
@Stdactns@Finalization$qqrv
@Winhelpviewer@initialization$qqrv
@Winhelpviewer@Finalization$qqrv
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Forms@TApplication@GetExeName$qqrv
@Forms@Application
@Imglist@initialization$qqrv
@Imglist@Finalization$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv

rtl60.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@UnregisterModule$qqrp17System@TLibModule
@System@RegisterModule$qqrp17System@TLibModule
@System@FindHInstance$qqrpv
@System@@LStrSetLength$qqrv
@System@@LStrCat3$qqrv
@System@@LStrCat$qqrv
@System@@LStrFromPChar$qqrr17System@AnsiStringpc
@System@@LStrAsg$qqrpvpxv
@System@@LStrClr$qqrpv
@System@@HandleFinally$qqrv
@System@TObject@Dispatch$qqrpv
@System@TObject@BeforeDestruction$qqrv
@System@TObject@DefaultHandler$qqrpv
@System@TObject@SafeCallException$qqrp14System@TObjectpv
@System@TObject@$bdtr$qqrv
@System@TObject@$bctr$qqrv
@System@TObject@FreeInstance$qqrv
@System@TObject@NewInstance$qqrp17System@TMetaClass
@System@IsMemoryManagerSet$qqrv
@System@SetMemoryManager$qqrrx21System@TMemoryManager
@System@IsMultiThread
@System@IsConsole
@System@ExitProc
@System@CmdLine
@System@IsLibrary
@System@MainInstance
@Types@initialization$qqrv
@Types@Finalization$qqrv
@Sysconst@initialization$qqrv
@Sysconst@Finalization$qqrv
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@FormatDateTime$qqrx17System@AnsiString16System@TDateTime
@Sysutils@DateToStr$qqrx16System@TDateTime
@Sysutils@Now$qqrv
@Sysutils@DecodeTime$qqrx16System@TDateTimerust2t2t2
@Sysutils@FileDateToDateTime$qqri
@Sysutils@DirectoryExists$qqrx17System@AnsiString
@Sysutils@FileExists$qqrx17System@AnsiString
@Sysutils@FileAge$qqrx17System@AnsiString
@Sysutils@IntToHex$qqrii
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Rtlconsts@initialization$qqrv
@Rtlconsts@Finalization$qqrv
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Typinfo@DotSep
@Typinfo@BooleanIdents
@Activex@initialization$qqrv
@Activex@Finalization$qqrv
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TThread@Terminate$qqrv
@Classes@TThread@Resume$qqrv
@Classes@TThread@DoTerminate$qqrv
@Classes@TThread@AfterConstruction$qqrv
@Classes@TThread@$bdtr$qqrv
@Classes@TThread@$bctr$qqro
@Classes@TStringList@$bdtr$qqrv
@Classes@TStrings@SetDelimiter$qqrxc
@Classes@TStrings@SetDelimitedText$qqrx17System@AnsiString
@Classes@TStrings@$bdtr$qqrv
@Classes@TPersistent@$bdtr$qqrv
@$xp$15Classes@TThread
@Classes@TThread@
@Classes@TStringList@
@Math@initialization$qqrv
@Math@Finalization$qqrv
@Math@IsInfinite$qqrxd
@Math@IsNan$qqrxd
@Contnrs@initialization$qqrv
@Contnrs@Finalization$qqrv
@Strutils@initialization$qqrv
@Strutils@Finalization$qqrv
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv

borlndmm

ord2

kernel32

CloseHandle
CreateMutexA
FreeLibrary
GetCommandLineA
GetConsoleTitleA
GetCurrentProcessId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
LoadLibraryA
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
SetConsoleCtrlHandler
SetConsoleTitleA
Sleep
WaitForSingleObject
lstrcatA
lstrcpyA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSACleanup
WSAStartup
closesocket
htons
recvfrom
sendto
socket
bind

user32

FindWindowA
GetWindowThreadProcessId
SendMessageA
wsprintfA

cc3260mt

@$bdele$qpv
@$bnew$qui
@_InitTermAndUnexPtrs$qv
__ErrorExit
___CRTL_MEM_GetBorMemPtrs
___CRTL_MEM_UseBorMM
___CRTL_TLS_Alloc
___CRTL_TLS_ExitThread
___CRTL_TLS_Free
___CRTL_TLS_GetValue
___CRTL_TLS_InitThread
___CRTL_TLS_SetValue
____ExceptionHandler
__argc
__argv
__argv_default_expand
__exitargv
__fgetc
__ftol
__handle_exitargv
__handle_setargv
__handle_wexitargv
__handle_wsetargv
__matherr
__matherrl
__setargv
__startup
__streams
__wargv_default_expand
_atol
_fabs
_fclose
_fopen
_fprintf
_free
_fscanf
_malloc
_memcpy
_memset
_mkdir
_printf
_sprintf
_strcat
_strcmp
_strcpy
_strlen
_vsnprintf

nidcpower_32

ord57
ord95
ord114
ord88
ord89
ord10
ord87
ord105
ord102
ord8
ord85
ord113
ord139
ord142
ord138
ord140
ord141
ord143
ord93
ord100
ord103
ord97
ord115
ord12
ord86
ord90
ord91
ord126
ord127
ord128
ord101
ord104
ord98
ord109
ord35
ord31
ord130
ord32
ord33
ord19
ord94
ord56
ord76
ord84
ord108
ord40
ord36
ord129
ord37
ord38
ord111
ord3
ord26
ord29

pci-dask

ord138
ord224
ord269
ord270

Exports

Exports

@@Verinfotool@Finalize
@@Verinfotool@Initialize
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 294KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 96.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d7422a778461e0e2f833d8435283419

Headers

File Characteristics

Imports

vcl60.bpl

rtl60.bpl

borlndmm

kernel32

version

wsock32

user32

cc3260mt

nidcpower_32

pci-dask

Exports

Exports

Sections

.text Size: 294KB - Virtual size: 296KB

.data Size: 189KB - Virtual size: 96.2MB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 12KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 32KB - Virtual size: 36KB

.text
Size: 294KB - Virtual size: 296KB

.data
Size: 189KB - Virtual size: 96.2MB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 12KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 32KB - Virtual size: 36KB