73c4774309133dfb16a46d25e9354086e00a17594c13a069649e0e8ad266bb99

Sharing

Copy URL Twitter E-mail

General

Target

73c4774309133dfb16a46d25e9354086e00a17594c13a069649e0e8ad266bb99
Size

212KB
MD5

a38dea526df3d782b5c20fbd9adcdba8
SHA1

e89ed986c794fab544dc16d70be4d8823b3b443e
SHA256

73c4774309133dfb16a46d25e9354086e00a17594c13a069649e0e8ad266bb99
SHA512

bd8565393d8c52691b4305f372160f1f7eb7dc4089e7b223791bce6aa1e2121e29a573123c916a69575b8455d1c4a680ceeece19bc509ff9f7e1419736556755
SSDEEP

3072:yfLzfhnW2mbvS8uFikSqAQAmMgkCIcSQ7LDwTyFDZGuvt:QzdubsIgkCIcSQ7LRFfvt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73c4774309133dfb16a46d25e9354086e00a17594c13a069649e0e8ad266bb99

Files

73c4774309133dfb16a46d25e9354086e00a17594c13a069649e0e8ad266bb99
.exe windows:4 windows x86 arch:x86

b44757b87afc9445e83c99c5d7ed20ca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

sx32w

RNBOsproFindNextUnit
RNBOsproFindFirstUnit
RNBOsproFormatPacket
RNBOsproRead
RNBOsproInitialize

mfc42

ord803
ord1679
ord1773
ord5009
ord1978
ord5200
ord5651
ord3127
ord3616
ord635
ord1247
ord317
ord926
ord922
ord2820
ord3811
ord350
ord4129
ord924
ord354
ord6143
ord1205
ord1134
ord2726
ord4079
ord4226
ord6883
ord5608
ord5620
ord3337
ord1200
ord5710
ord2919
ord6141
ord5597
ord1081
ord551
ord5859
ord4277
ord2763
ord4202
ord4065
ord2107
ord5450
ord5440
ord6383
ord6394
ord639
ord322
ord6467
ord1154
ord5810
ord5481
ord2031
ord1971
ord966
ord3570
ord278
ord605
ord4335
ord4411
ord4447
ord4863
ord4975
ord5478
ord5796
ord1639
ord3069
ord2509
ord1813
ord4083
ord1814
ord2764
ord2841
ord1911
ord775
ord503
ord5605
ord2761
ord1774
ord5192
ord1994
ord3168
ord1264
ord1680
ord4150
ord6235
ord1115
ord287
ord5265
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord641
ord2086
ord324
ord4234
ord6215
ord4710
ord755
ord2379
ord470
ord1871
ord665
ord1979
ord5186
ord3789
ord610
ord5690
ord2449
ord4919
ord654
ord341
ord2077
ord5858
ord5603
ord1851
ord565
ord543
ord415
ord541
ord414
ord817
ord715
ord801
ord713
ord3663
ord3584
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5715
ord5289
ord5307
ord4699
ord5303
ord5300
ord3346
ord2396
ord1948
ord823
ord2915
ord5572
ord4204
ord4160
ord1575
ord1106
ord4168
ord663
ord348
ord268
ord2721
ord1567
ord5970
ord5968
ord5705
ord695
ord393
ord5701
ord6322
ord5658
ord4291
ord2609
ord2490
ord2395
ord1787
ord1006
ord1261
ord535
ord5704
ord5709
ord5695
ord5698
ord5693
ord2818
ord2614
ord941
ord939
ord858
ord5703
ord5708
ord5694
ord5697
ord5692
ord537
ord825
ord540
ord860
ord800
ord6123
ord5010
ord6121
ord5242
ord3314
ord3316
ord996

msvcrt

_CxxThrowException
__CxxFrameHandler
_mbscmp
puts
sprintf
vsprintf
free
_stricmp
malloc
realloc
_purecall
_mbsnbcpy
_mbsnbicmp
rand
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln

kernel32

GetShortPathNameA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
GetComputerNameA
LoadLibraryA
GetProcAddress
SizeofResource
GetCommandLineA
GetModuleHandleA
lstrcmpiA
lstrcpynA
SetEvent
ResumeThread
GetPrivateProfileIntA
GetCurrentThreadId
GetCurrentThread
CloseHandle
GetLastError
InterlockedDecrement
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalUnlock
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
lstrcpyA
lstrcatA
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
ResetEvent
CreateDirectoryA
SetHandleCount
GetTickCount
GetPrivateProfileStringA
GetVersionExA
Sleep
DeleteFileA
GlobalSize
FindClose
FindNextFileA
FindFirstFileA
GlobalFree
GlobalFlags
InterlockedExchange
GetStartupInfoA
FreeLibrary

user32

PostQuitMessage
ExitWindowsEx
IsWindow
SetTimer
MessageBoxA
LoadStringA
wsprintfA
LoadIconA
DrawIcon
GetMessageA
GetSystemMetrics
GetClientRect
IsIconic
EnableWindow
DispatchMessageA
PostThreadMessageA
CharNextA
KillTimer

advapi32

CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorGroup
OpenServiceA
OpenSCManagerA
DeregisterEventSource
SetSecurityDescriptorOwner
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA
RegEnumKeyExA
ControlService
DeleteService
RegDeleteKeyA
CreateServiceA
ChangeServiceConfig2A
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
StartServiceCtrlDispatcherA
OpenThreadToken
SetServiceStatus
RegisterServiceCtrlHandlerA
RegisterEventSourceA
ReportEventA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
CoCreateInstance
OleUninitialize
CoInitializeSecurity

oleaut32

SysStringLen
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
LoadRegTypeLi
SysAllocString
SysFreeString

odbc32

ord11
ord4
ord13
ord16
ord3

wsock32

WSAGetLastError
shutdown
listen

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b44757b87afc9445e83c99c5d7ed20ca

Headers

File Characteristics

Imports

sx32w

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

odbc32

wsock32

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 20KB - Virtual size: 19KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 8KB - Virtual size: 7KB