dc1f095f7b9f66b0d19b81d25d00c5e0572ccaf464f0fec116ebbad4a614e230

Sharing

Copy URL Twitter E-mail

General

Target

dc1f095f7b9f66b0d19b81d25d00c5e0572ccaf464f0fec116ebbad4a614e230
Size

63KB
MD5

3b3bae9861c0b3e34f4640411bcada39
SHA1

bb60a02c5ab4c4891614efb983036b57a5ebd1f9
SHA256

dc1f095f7b9f66b0d19b81d25d00c5e0572ccaf464f0fec116ebbad4a614e230
SHA512

d0cfcfb3bffc239f9af221e4dc8dc92007515ce18efffc144b3053a8c8d09d2957be4b52dc0af2c0ef4b9f50cd8141f2e80994d7df25ee14c17afea121679f08
SSDEEP

1536:LMNzGx6n5gKSOMcIPiQeCU49tyz8mOtV5c1Hr:wNzGx6n3weC9mSV5ch

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc1f095f7b9f66b0d19b81d25d00c5e0572ccaf464f0fec116ebbad4a614e230

Files

dc1f095f7b9f66b0d19b81d25d00c5e0572ccaf464f0fec116ebbad4a614e230
.dll windows:6 windows x86 arch:x86

fd189dcdb89c56c0b06545cc496d6121

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\depot\bas\753_REL\fes_800_REL\src\opt\ntintel\sapawrfc.pdb

Imports

sapawole

AwAddClsidMapping
AwRemoveClsidMapping
AwGetClsidMapping
AwSetTraceContext
AwGetErrorDescription
AwCreateVariant
AwCreateClient
AwGetType
AwSetType
AwGetStringValue
AwCallMethod
AwManageContext
AwSetCurrentIMode
AwCleanUp
AwDestroyDriver
AwCreateDriver
AwDestroyClient
AwDestroyVariant

guirfc

ItAppLine
ItFree
ItFill
ItLeng
ItGetLine
RfcCreateItabObj
RfcGetCodePagesInfo
RfcGetData
RfcSendData
RfcRaise
ItDelete
RfcRaiseTables
RfcAllocString
RfcPlayback
ItRegTable
ItGupLine
RfcFreeString
RfcInstallFunction

sapfewtr

FEWTraceExit
FEWTraceIncIndentation
FEWTraceDecIndentation
FEWTraceRaw
TraceAutomationEx
FEWTraceRawHexDump
FEWTraceComponentC
TraceAutomationEx2
FEWTraceComponentHexDump
FEWTraceInit
FEWTraceGetComponentLevel
FEWTraceComponent
FEWTraceRawDump

sapfewcx

CXGetSlotData
CXSetSlotData
CXGetFontCodePage

sapfewut

UtlDestroyTickClock
FillWithBlanks
RemoveBlanksFromText
UtlStopTickClock
UtlStartTickClock
UtlCreateTickClock

mfc140

ord3841
ord1510
ord325
ord1051
ord2359
ord2241
ord2406
ord2409
ord2372
ord2408
ord485
ord2263
ord2397
ord2294
ord2178
ord2370
ord1509
ord1529
ord1507
ord265
ord266
ord1522
ord5093
ord2405
ord2381
ord6724
ord316
ord310
ord1044
ord12503
ord5095
ord261
ord4841
ord3230
ord1050
ord324
ord1448
ord4715
ord2003
ord975
ord14571
ord12348
ord8716
ord4732
ord4653
ord12704
ord2985
ord1688
ord1685
ord1521
ord1519
ord1043
ord296
ord12502
ord5094
ord4807

kernel32

GetLastError
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
CloseHandle
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionEx

ole32

CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

SysStringLen
SysFreeString

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
__current_exception_context
__current_exception
strchr
memcmp
memcpy
__CxxFrameHandler3
memset
__std_terminate
_CxxThrowException

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-string-l1-1-0

strncpy_s
_wcsicmp
_stricmp
strcpy_s
strlen
wcslen
strcmp
strncmp
strncpy
toupper

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initterm
_initterm_e
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_invalid_parameter_noinfo
_errno
_crt_atexit
_seh_filter_dll
terminate
_configure_narrow_argv

Exports

Exports

GetFlushCounter
RCOAddClsidMapping
RCOAutomationBridgeCleanup
RCOErrorLog
RCOExit
RCOExitSession
RCOExitTrace
RCOGetClsidMapping
RCOGetServiceDescription
RCOInit
RCOInitSession
RCOInitSessionEx
RCOInitTrace
RCOInitTraceFEW
RCOInstallFunctions
RCOManageContext
RCORemoveClsidMapping
RCOSetCurrentIMode
RCOUnInstallFunctions
ResetFlushCounter

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd189dcdb89c56c0b06545cc496d6121

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sapawole

guirfc

sapfewtr

sapfewcx

sapfewut

mfc140

kernel32

ole32

oleaut32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB