27c25edbc1e34403b539485b00b0bb49765196d839a892a0272cc754b7e19b6b

Sharing

Copy URL

Twitter E-mail

General

Target

27c25edbc1e34403b539485b00b0bb49765196d839a892a0272cc754b7e19b6b
Size

880KB
MD5

7b3e89e08febebafa6c67bd7ba7d6c12
SHA1

036c9742896ba4b7d0d9acadc36970b283a40aac
SHA256

27c25edbc1e34403b539485b00b0bb49765196d839a892a0272cc754b7e19b6b
SHA512

62532476619896de503bea470da04aa1a1c11c1c7a2b2c77d826b96485a0ff8ab4959608077bd5ff19b93d2218025f176b9dc2884312ad978a6bfcc603480afb
SSDEEP

6144:2Z75fOSonVNXn3gz+NTcjACUtR3KecFJb:2HvWDNYACoaNJb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27c25edbc1e34403b539485b00b0bb49765196d839a892a0272cc754b7e19b6b

Files

27c25edbc1e34403b539485b00b0bb49765196d839a892a0272cc754b7e19b6b
.exe windows:4 windows x86 arch:x86

36aae6a3fe92ddda00f6510f5e701ff0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_putenv
_strdup
_strnicmp
_adjust_fdiv
__setusermatherr
fclose
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strtok
fputs
atol
strncpy
sprintf
fopen
fgets
__mb_cur_max
_isctype
_pctype
strchr
_chdir
_getcwd
_unlink
_access
??2@YAPAXI@Z
??3@YAXPAX@Z
_onexit
??1type_info@@UAE@XZ
_errno
strncmp
isdigit
atoi
strrchr
vsprintf
_iob
fprintf
_ftol
__CxxFrameHandler
_stricmp

kernel32

GetTickCount
SetHandleCount
FreeLibrary
LoadLibraryA
GetProcAddress
WritePrivateProfileStringA
GetPrivateProfileStringA
GlobalMemoryStatus
FormatMessageA
GetLastError
GetWindowsDirectoryA
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
WinExec
CopyFileA
Sleep
GetStartupInfoA
GetModuleHandleA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetCommandLineA

liblohn

arg
check_lflags
SR_BOX_
sr_fprintf
dbrq_create
init_lohn
sr_printf
fa
read_firma
dbrq_closeuser
dbrq
us_strtoupper
xdb_val
atoin
time2asc
date_to_time
sr_messagebox
xdb_res__
xdb_get_val
SR_ERR_
SetMsgCallback
SetMsgboxCallback
SetStatusCallback
SetDbrqCallback
US_FILE_init
SR_OUT_
sr_message
prot
any_domain
xdb_error

user32

PeekMessageA
IsIconic
TranslateMessage
DispatchMessageA
GetWindowTextA
GetMessageA
SetForegroundWindow
ShowWindow
MessageBoxA
PostQuitMessage
GetDoubleClickTime
SetMessageQueue
SendMessageA
GetClientRect
IsWindow
SetFocus
EnumWindows

zpxl7d

?create@zFrameWin@@UAEXXZ
?caption@zFrameWin@@UAEPBDXZ
?caption@zFrameWin@@UAEXABVRWCString@@@Z
?caption@zFrameWin@@UAEXABVzString@@@Z
?vmove@zWindow@@UAEXHHHH@Z
?setFont@zWindow@@UAEXPAVzFont@@H@Z
?fontSet@zWindow@@UAEXABVzRCFont@@H@Z
?childFocusChange@zWindow@@UAEXPAV1@0@Z
?invalidData@zWindow@@UAEHPAV1@@Z
?storeData@zWindow@@UAEHXZ
?checkData@zWindow@@UAEHXZ
?ziBackgroundColor@zWindow@@UAEXABVzColor@@@Z
?getPreferredSize@zWindow@@UAEHAAVzDimension@@@Z
?app@@3PAVzApp@@A
?background@zWindow@@UAEHPAVzEvent@@@Z
?focus@zWindow@@UAEHPAVzFocusEvt@@@Z
?mouseButtonDown@zWindow@@UAEHPAVzMouseClickEvt@@@Z
?mouseButtonUp@zWindow@@UAEHPAVzMouseClickEvt@@@Z
?mouseMove@zWindow@@UAEHPAVzMouseMoveEvt@@@Z
?scroll@zWindow@@UAEHPAVzEvent@@@Z
?command@zWindow@@UAEHPAVzCommandEvt@@@Z
?kill@zWindow@@UAEHPAVzEvent@@@Z
?move@zWindow@@UAEHPAVzMoveEvt@@@Z
?size@zWindow@@UAEHPAVzSizeEvt@@@Z
?activate@zWindow@@UAEHPAVzActivateEvt@@@Z
?resolveSize@zWindow@@UAEXPAVzSizeEvt@@@Z
?registerHook@zAppFrame@@EAEPAUtagWNDCLASSA@@XZ
?dispatch@zFrameWin@@UAEJPAVzEvent@@@Z
??1zAppFrame@@UAE@XZ
?show@zAppFrame@@UAEXH@Z
?caption@zFrameWin@@UAEXPBD@Z
??1zCursor@@QAE@XZ
?setCursor@zWindow@@QAEXABVzCursor@@@Z
??0zCursor@@QAE@W4StockCursor@@@Z
?unlock@zDisplay@@QAEXXZ
??1zResId@@QAE@XZ
??0zBitmap@@QAE@ABVzResId@@@Z
??0zResId@@QAE@HPBD@Z
??0zFontInfo@@QAE@PAVzDisplay@@@Z
?pushFont@zDisplay@@QAEXPAVzFont@@@Z
?lock@zDisplay@@QAEXXZ
??0zPane@@QAE@PAVzWindow@@PAVzSizer@@KHH@Z
??1zLogMeasure@@QAE@XZ
??0zAppFrame@@QAE@PAVzWindow@@PAVzSizer@@KPBD@Z
??0zSizer@@QAE@ABVzPoint@@ABVzDimension@@PAV0@@Z
??0zDialogUnit@@QAE@HHPAVzDisplay@@@Z
?putchr@zTextStream@@UAEAAV1@D@Z
?put@zTextPane@@UAEXPAD@Z
?textToLog@zTextPane@@UAEXAAVzPoint@@@Z
?textToLog@zTextPane@@UAEXAAVzRect@@@Z
?logToText@zTextPane@@UAEXAAVzPoint@@@Z
?logToText@zTextPane@@UAEXAAVzRect@@@Z
?drawLine@zTextPane@@UAEXVzPoint@@H@Z
?scrollPane@zPane@@UAEXHHABVzRect@@@Z
?morePages@zPane@@UAEHXZ
?print@zPane@@UAEHPAVzPrinterDisplay@@PAVzRect@@@Z
?printCleanup@zPane@@UAEXPAVzPrinterDisplay@@PAVzPrintJob@@@Z
?printSetup@zPane@@UAEHPAVzPrinterDisplay@@PAVzPrintJob@@@Z
?setMetrics@zTextPane@@UAEXXZ
?draw@zTextPane@@UAEHPAVzDrawEvt@@@Z
?setToDefault@zChildWin@@UAEHXZ
?ch@zChildWin@@UAEHPAVzKeyEvt@@@Z
?create@zChildWin@@UAEXXZ
?show@zTextPane@@UAEXH@Z
?ziBackgroundColor@zPane@@UAEXABVzColor@@@Z
?getPreferredSize@zTextPane@@UAEHAAVzDimension@@@Z
?scroll@zPane@@UAEHPAVzEvent@@@Z
?registerHook@zPane@@MAEPAUtagWNDCLASSA@@XZ
??1zTextPane@@UAE@XZ
?setupNotification@zWindow@@IAEXPAVzEvH@@P82@AEHPAVzEvent@@@ZI@Z
??0zTextPane@@QAE@PAVzWindow@@PAVzSizer@@KHH@Z
?focus@zPane@@UAEHPAVzFocusEvt@@@Z
?dispatch@zWindow@@UAEJPAVzEvent@@@Z
??0zMessage@@QAE@PAVzWindow@@PBD1I@Z
?printf@zTextStream@@QAAXPBDZZ
?quit@zApp@@QAEXXZ
?bitmap@zDisplay@@QAEHPAVzBitmap@@VzPoint@@VzDimension@@KH@Z
?go@zApp@@QAEXXZ
??1zString@@QAE@XZ
??0zString@@QAE@ABVzResId@@I@Z
??0zFileOpenForm@@QAE@PAVzWindow@@PBD1QAPAD@Z
??0zApp@@QAE@PAX0PADH@Z
??1zApp@@QAE@XZ
?showSet@zWindow@@UAEXH@Z

msi

ord89

gdi32

GetStockObject

tlsxl7d

?replace@RWCString@@QAEAAV1@IIPBDI@Z
?index@RWCString@@QBEIPBDIIW4caseCompare@1@@Z
??0RWCString@@QAE@PBD@Z
?clone@RWCString@@AAEXXZ
??1RWCString@@QAE@XZ

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 796KB - Virtual size: 794KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36aae6a3fe92ddda00f6510f5e701ff0

Headers

File Characteristics

Imports

msvcrt

kernel32

liblohn

user32

zpxl7d

msi

gdi32

tlsxl7d

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 8KB

.idata Size: 12KB - Virtual size: 8KB

.rsrc Size: 796KB - Virtual size: 794KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 8KB

.idata
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 796KB - Virtual size: 794KB

.reloc
Size: 8KB - Virtual size: 6KB