4fa73bcad97835ea955d5f2ae1c58a6d65aec358ba4c22f1c998bdefe9f64678

Sharing

Copy URL Twitter E-mail

General

Target

4fa73bcad97835ea955d5f2ae1c58a6d65aec358ba4c22f1c998bdefe9f64678
Size

104KB
MD5

e28952d82a43e80984699c7e767b9a85
SHA1

ac0a4415b4a68c22409609c9d7f9d8603efcaab8
SHA256

4fa73bcad97835ea955d5f2ae1c58a6d65aec358ba4c22f1c998bdefe9f64678
SHA512

ff7cb41e8c51a5459cf3c0efd1ecb14aee3f06a219f789e19c2bf4f95891d59f9035bd422c120cbb0710b3ef1b01544c369358603df39cd0c9f8d32a33d88bc8
SSDEEP

1536:AKQdjGL8C0QthmM3IWcHJLPDZZSApsAzgQftftsRqP+QhcSTK+MFCvJgZP1aJ:KwLvhBIWILtZSAp3HN6qPLcSTKeEPgJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4fa73bcad97835ea955d5f2ae1c58a6d65aec358ba4c22f1c998bdefe9f64678

Files

4fa73bcad97835ea955d5f2ae1c58a6d65aec358ba4c22f1c998bdefe9f64678
.exe windows:4 windows x86 arch:x86

f1d5e5509f8b55965cdb4904f577c17f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Work\SDClient\rcTool\Release\RcTool.pdb

Imports

mfc71

ord578
ord876
ord2322
ord3761
ord310
ord2164
ord2902
ord1084
ord2086
ord1545
ord5915
ord1620
ord1617
ord3946
ord1402
ord4232
ord5152
ord1908
ord5073
ord6275
ord4185
ord5214
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord3641
ord1656
ord1655
ord1599
ord5200
ord2862
ord2991
ord4486
ord3164
ord572
ord1554
ord4244
ord3195
ord1063
ord5182
ord4212
ord4735
ord4890
ord1671
ord1670
ord1551
ord5912
ord1401
ord5203
ord4262
ord3182
ord354
ord1794
ord5833
ord6067
ord4580
ord4749
ord709
ord501
ord265
ord266
ord297
ord6179
ord3997
ord5529
ord304
ord1489
ord6118
ord299
ord2933
ord1439
ord6288
ord629
ord5089
ord384
ord762
ord908
ord2451
ord5403
ord2468
ord3830
ord1122
ord912
ord1054
ord5975
ord1123
ord2020
ord764
ord587
ord620
ord605
ord757
ord566
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord1207
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3683
ord1964
ord4541

msvcr71

_except_handler3
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_purecall
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
free
_setmbcp
__CxxFrameHandler
?name@type_info@@QBEPBDXZ
strcmp
memset
memcmp
memcpy
memmove
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
_aligned_malloc
_aligned_free
__dllonexit
_onexit
__security_error_handler
??1type_info@@UAE@XZ
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
_ismbblead

kernel32

CloseHandle
SetLastError
GetModuleFileNameA
WaitForSingleObject
OpenEventA
GetVolumeInformationA
SetErrorMode
GetLogicalDrives
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleA
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
Sleep
GetCurrentProcess
GetDriveTypeA
GetLastError
GetVersion

user32

ExitWindowsEx
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
IsIconic
SendMessageA
DrawIcon

advapi32

GetTokenInformation
AllocateAndInitializeSid
AdjustTokenPrivileges
EqualSid
FreeSid
OpenProcessToken
LookupPrivilegeValueA

comctl32

ord17

ws2_32

WSAStartup

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?uncaught_exception@std@@YA_NXZ

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1d5e5509f8b55965cdb4904f577c17f

Headers

File Characteristics

PDB Paths

Imports

mfc71

msvcr71

kernel32

user32

advapi32

comctl32

ws2_32

msvcp71

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 28KB - Virtual size: 24KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 24KB