dd0561439354448c6c25b357b33a31dd759ae84902f97ecf30c339df87779f31

Sharing

Copy URL Twitter E-mail

General

Target

dd0561439354448c6c25b357b33a31dd759ae84902f97ecf30c339df87779f31
Size

47KB
MD5

0213798362088f218ba5ea663af309d2
SHA1

8c32bafa06746934a0f8a1259d5cff634f1d7db2
SHA256

dd0561439354448c6c25b357b33a31dd759ae84902f97ecf30c339df87779f31
SHA512

6185e7e3d26ee0b55308fdd0ebf6a14ac3cd05248a7cd834ae66ac75daeb5fe6271885807592dba54ad1e1c383ac3b4bc42f6733a98eff65465ebcc15413f682
SSDEEP

768:JOVvP0ISbAvkJXwMOC51dpUhFIxcEf/wm6ixF2G7A1mxPNNrP2uEu0u2u/uuumeE:cVvuAvkJgM951dpULIxcEf/wm6YF2G7r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd0561439354448c6c25b357b33a31dd759ae84902f97ecf30c339df87779f31

Files

dd0561439354448c6c25b357b33a31dd759ae84902f97ecf30c339df87779f31
.exe windows:4 windows x86 arch:x86

27aa7ec8d50142b71b8ec7c9cad777a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strcmp
sprintf
exit
printf
_XcptFilter
strcat
memcpy
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p__acmdln
memset
_exit
malloc
free
strlen
strcpy
strncmp

kernel32

GetModuleHandleA
GlobalFree
GlobalUnlock
GetStartupInfoA
GlobalLock
GetModuleFileNameA
GlobalAlloc

user32

SetMessageQueue
RegisterWindowMessageA
PostMessageA
GetFocus
MessageBoxA

nlsrtl33

ord11
ord203
ord201
ord117
ord6
ord3
ord2
ord4
ord175
ord246
ord277
ord224
ord279
ord268
ord281
ord276
ord248
ord227
ord174
ord231
ord237

nn60

ord4
ord28
ord136
ord85
ord132
ord131

uiw60

ord8001
ord8002
ord8005
ord11006
ord1017
ord1021

ca60

ord98
ord92
ord99
ord527
ord526
ord54
ord69
ord59
ord340
ord56
ord77
ord5
ord106
ord346
ord354
ord487
ord345
ord107
ord101
ord286
ord95
ord94

de60

ord3477
ord214
ord5070
ord3374
ord210
ord709
ord3457
ord105
ord3478
ord5608
ord481
ord5599
ord5422
ord5598

ora805

slfnp
slgfn

uirem60

ord250
ord174
ord184
ord255
ord195

sqllib80

sqlclu
sqlret
sqltex
sqlofftb
sqlcln
sqlexp
sqgctx
sqlald
sqlcxt
sqls2u
sqloer
sqloew
sqlu2s
sqlcps
sqliap
sqlprc
sqgrct
SQLRCXGet

qmg60

rwosk2nocomm

utl60

ord38
ord39

rwlib60

rxalert
rimfr
rxmcof
rxbcod
relgtsn
rimal
rxmcoe
rxmlgo
rxierr
rxlog
rxinit
sriuoa
rxglerclm
rrdlba
ropintcp
rxglermcc
srufrn
rxmcofcp
rrofnshd
rrodap
rxnname
rroahp
roulgs
ruerformat
ruereget
rstmrut
rstmst
rxiefm
ruereset
ropsdf
ropintcbs
rrrpensd
rrrpensr
rxmbtc
rxslrunprd
relgtmn
rxicep
rwbxcr
rxfini
rxicpr
rrdps2put
ropubput
rrdps1get
ropubget

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27aa7ec8d50142b71b8ec7c9cad777a0

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

nlsrtl33

nn60

uiw60

ca60

de60

ora805

uirem60

sqllib80

qmg60

utl60

rwlib60

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 512B - Virtual size: 468B

.data Size: 3KB - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 512B - Virtual size: 468B

.data
Size: 3KB - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB