XDR_ResponseApp_CollectFile_RM-20240703-00011_9bc6ef68-696d-4658-a8c7-40d719d53241_20240703T142053Z[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

XDR_ResponseApp_CollectFile_RM-20240703-00011_9bc6ef68-696d-4658-a8c7-40d719d53241_20240703T142053Z.7z
Size

396KB
MD5

00eee5ac01c02af60d367d1aa7a75193
SHA1

6b481394213fc686e66d51f6167a36b2a526f9b1
SHA256

459220bb5ede16fa6eeb46145001fb3eb9a87a5deaebf38a11e6a0afa0384560
SHA512

550771977ff229a99a40675e365d5efae89d73d5beae6ca94f1c6b967d610b15cc3e6333c03546bd825d664356d03b0b3ea75dfce71b5331ed2d8ef24c4cf3bd
SSDEEP

6144:RdPLUyWg8C4wbX/OONBPUrYLD4LsjB4N62mJ0w6+GOMPKghtPGy1Aqs:RJwyWdZwzbNBnn4LQF96+GR7PGqs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SppExtComObj.Exe

Files

XDR_ResponseApp_CollectFile_RM-20240703-00011_9bc6ef68-696d-4658-a8c7-40d719d53241_20240703T142053Z.7z
.zip

Password: fklc1ps7
SppExtComObj.Exe
.exe windows:10 windows x64 arch:x64

Password: fklc1ps7

e362c37d171448e3932b48a0360badce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SppExtComObj.pdb

Imports

advapi32

RegEnumKeyW
RegSetKeySecurity
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

kernel32

EncodePointer
GetCurrentProcessId
CreateProcessW
OpenEventW
DecodePointer
LocalAlloc
LocalFree
SetLastError
CreateEventW
GetCurrentProcess
VirtualAlloc
RtlAddFunctionTable
InitializeCriticalSection
HeapSetInformation
RaiseFailFastException
GetCurrentThread
DeleteCriticalSection
GetModuleHandleW
RtlDeleteFunctionTable
LoadLibraryExW
SetThreadPriority
SetEvent
CloseHandle
GetModuleFileNameW
GetLastError
GetCommandLineW
GetSystemDirectoryW
FreeLibrary
WaitForMultipleObjects
CreateThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetComputerNameExW
VirtualQuery
GetProcessHeap
GetProcAddress
HeapAlloc
GetModuleHandleExW
HeapFree
WaitForSingleObject
VirtualFree
FreeLibraryAndExitThread

msvcrt

memcmp
memmove
memcpy
_vsnwprintf
memset
_unlock
_wcsicmp
_purecall
srand
rand
wcschr
towupper
__C_specific_handler
_XcptFilter
?terminate@@YAXXZ
_onexit
__dllonexit
wcscmp
_lock
_commode
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemInformation

rpcrt4

UuidToStringW
I_RpcMapWin32Status
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
UuidFromStringW
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
Ndr64AsyncServerCallAll
RpcStringFreeW
NdrAsyncServerCall
Ndr64AsyncClientCall
NdrDllGetClassObject
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
I_RpcExceptionFilter
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcBindingFree
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
RpcServerUseProtseqEpW
RpcServerRegisterIf2
RpcServerUnregisterIf
NdrCStdStubBuffer_Release
CStdStubBuffer_Disconnect

oleaut32

BSTR_UserUnmarshal
BSTR_UserSize
VariantClear
VariantInit
BSTR_UserFree
LPSAFEARRAY_UserSize
BSTR_UserUnmarshal64
BSTR_UserMarshal
LPSAFEARRAY_UserMarshal64
SysFreeString
SysAllocString
LPSAFEARRAY_UserMarshal
BSTR_UserFree64
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
BSTR_UserSize64
SafeArrayDestroy
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserSize64
BSTR_UserMarshal64
LPSAFEARRAY_UserFree64
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi

api-ms-win-core-com-l1-1-0

CoResumeClassObjects
CoRegisterClassObject
CoRevertToSelf
CoImpersonateClient
CoReleaseServerProcess
CoRevokeClassObject
CoUninitialize
CoInitializeEx
CoAddRefServerProcess
CoSuspendClassObjects

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetStartupInfoW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ole32

CoRegisterPSClsid
ObjectStublessClient3
ObjectStublessClient5
ObjectStublessClient4

shell32

CommandLineToArgvW

ws2_32

FreeAddrInfoW
WSAAddressToStringW
WSAGetLastError
WSACleanup
WSAStartup
GetAddrInfoW

dnsapi

DnsQuery_W
DnsNameCompare_W
DnsModifyRecordsInSet_W
DnsFree

activeds

ord20
ord9
ord15

Sections

.text
Size: 431KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: fklc1ps7

Password: fklc1ps7

e362c37d171448e3932b48a0360badce

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

rpcrt4

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ole32

shell32

ws2_32

dnsapi

activeds

Sections

.text Size: 431KB - Virtual size: 430KB

?g_Encry Size: 11KB - Virtual size: 11KB

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 17KB - Virtual size: 17KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 431KB - Virtual size: 430KB

?g_Encry
Size: 11KB - Virtual size: 11KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB