afabe40a30b7751a4b05dcff85c345233c52ba575e0f0e3f44907fd20679487c

Sharing

Copy URL Twitter E-mail

General

Target

afabe40a30b7751a4b05dcff85c345233c52ba575e0f0e3f44907fd20679487c
Size

264KB
MD5

a15416a31627316013f5c6c0dff6eafb
SHA1

512ae540fe557434dc900c48f990ca9e58c5e851
SHA256

afabe40a30b7751a4b05dcff85c345233c52ba575e0f0e3f44907fd20679487c
SHA512

6b5992e2667b01e1132e2872d042cfc5859312434804ed2fe1ae96c0386a176bcfe2246732948e999a923fc7afaf7412597ed3a15812354b47692517310b1e87
SSDEEP

6144:XhUjFT7CDhA0SZlhraCbz82FdJfNsKpKUOz5KJB//1QqJ7cBkhL:XhUjR7CDhxglhraCbzZn1uZUOz5KJB/f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afabe40a30b7751a4b05dcff85c345233c52ba575e0f0e3f44907fd20679487c

Files

afabe40a30b7751a4b05dcff85c345233c52ba575e0f0e3f44907fd20679487c
.dll windows:4 windows x86 arch:x86

bca284ad94420328e3d5a479b55977d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pprtl

strncasecmp
__assert
kstrtok
strcasecmp
memclr

osppc

ntgloadr_task
osnewmem
GetGlobalAddr
ossigsem
oswaisem
osdltpkt
ossndpkt
osdspmem
oswaitim
osrcvpkt

wdul

wdwrite
wdatwnds
wddtwnd
wdsetcrs

dplib

dpewrite
dpwrite
dpread
dpewrite_str
dpread_noctrl
dpread_noctrl_str

ml

mlcurang
mlcnvpos
mlcurpos

mmlib

mmlstprg
mmsetapp
mmdelprg
mmax2app
mmrenpg2
mmrenprg
mmgetatr
mmimage_preopen
mmlstrtn
mmimage_loadtpdef
mmsetln
mmax1app
mmgettyp
mmprclos
mmpropen
mmsetatr
mmcremn
mmlstdtr
mmchgtyp
mmrepmem
mmgetapp

pgutl

pggetst
pghldcnd_chk_bit
pggetst_ext
pgwlkbck
pgsndpkw
pgabort
pggetnum

sputl

spgetinf_spi
spgetasm
spdatptr
spsprdir
spsetmem
spcremem
spgetmem2
spgetidx2
spschopt_featuremod
spschopt
spcall2
spnxtidx

tplib

tpmulti_waitnuminput
tpmodint
tpmodrel
tpmulti_waitstrinput
tpgtinp
tpmodalv
tpprint
tpprreal
tpsubmen
tppulmen
tpspart_setmenu
sadsp
tplink_version
tpclrwin
tpchgprg
tpabtprg
tpsrchmn
tpmodalp
tpwrnkey
tppascon_rwaccess2
tpmulti_mouseevents
tpinit_setsize
tpmulti_sendpmon
tplink_exec_url
sanew
tpmulti_idx
tpextreq_tid
tppascon_access
tpdraw_flush
tplink_paneidx
tplink_panenum
tpinfilt_getFKeyLabel
tprdmenu
tpapctrl
tpmulti_docgtpmenus

vmgr

vmgetelm
vmgetvar
vmpasswd
vmgtsysv

kstdio

kfprintf
kfopen
kprintf
kfilstat
ksprintf
kfclose
ksscanf
kremove

syutl

tptext_size
tptext_chkstr
tptext_copy
tptext_disp
tptext_width
tptext_cursor
sytimcnv
syinipkt
sytpkey
erpost
tptext_chkchr
sygetfrm

cplib

cplist_find_node
cplist_delete
cplist_new
cplist_insert_before
cplist_insert_tail
xmlparse_new
xmlparse_addtag
cptable_add
cpdelfil
cpnamchk_prog
xmlparse_free
xmlparse_scan

sfmnlib

mnreset
mnsavlib
mnmltred
mnmltatr
mtmnsrch2
mnerpost
mnsetfid
mngettbl
mnread
mnstrcpy
mngetstr
mtsetprg
mngettex
mnspmenu
tpsubme3
mnsetmen
mninsmsk
mntslctl
mnactidl
mnsubfnc
mnpastln
mnasmenu
mnspfunc
mnrunst
mnprev2
mnprenum
mnremln
mninsln
mnundinf_update2
mndelln
mnundinf_update
mnundinf_check
mnendact
mnmemwr
mnmenset
mnskitm_list
mnlstprg
mnrpidxa
mnrpidxi
mnrpidxd
mndelitm
mnnext
mnchgedt
mnnumric
mnintfid
mnchscr
mnslf
mnsrt
mnpagedn
mnpageup
mncurlf
mncurrt
mnitem
mncurup
mncurdn
mnlinstr
mndaulin
mnreopen
mngsbtyp
mnrpinps
mngetccr
mngtsize
mnchk_tui_motion
mnstupdt
mnwrite
mnbgechk
mntpstat
mnsropt
mnspcall
mndefred
tprdmen3
mnlincpy
mncpydtr
mnprev
mnemenu
mnfncchk
mntcslin
mndefcre
mnskitm
mnprgsta

ioutl

iovalset
iovalrd

pgutl2

pgrtntui

scutl

scsetpos
scdelete
scwrite
scread
scedit_eg
scedit
scgetpos

tpgui

tpdyntil_text
tpgrid_writepipe
tpdb_prompt_dp
tpdb_input_dp
tpdb_index
tpdb_input
tpdyntil_dpwrite
tpdb_list

tpgllib

TPGL_DynLink

kernel32

GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
LoadLibraryA
LCMapStringA
LCMapStringW
RaiseException
RtlUnwind

Exports

Exports

IdentifyMyself

Sections

.text
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bca284ad94420328e3d5a479b55977d9

Headers

File Characteristics

Imports

pprtl

osppc

wdul

dplib

ml

mmlib

pgutl

sputl

tplib

vmgr

kstdio

syutl

cplib

sfmnlib

ioutl

pgutl2

scutl

tpgui

tpgllib

kernel32

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 196KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 36KB - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 200KB - Virtual size: 196KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB