0b3ffa82a8238cef36629aff6f3a10c0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0b3ffa82a8238cef36629aff6f3a10c0N.exe
Size

100KB
MD5

0b3ffa82a8238cef36629aff6f3a10c0
SHA1

7bae87e11b4f4198a00c1b26763b2a7bb9ddd3f2
SHA256

592b9cb4b2f808a96e7be2d82620f34f887818170a2040d7fc9363d9b9b35db4
SHA512

86a81e031dd19239569265570e5eb72fcf22dd00262b312f5e58072504acc3b672d4cfcf4690a500c83ce05db52ef845e9d407814c15856cf87d8a69272a9730
SSDEEP

1536:rQXdF4gOZCx1fuSHXmz7YGz4feGC5476ZuGwY/tBis02gK2p32tQnvN:UXdF4gOIx1fnWz7YQQI024p32tQn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b3ffa82a8238cef36629aff6f3a10c0N.exe

Files

0b3ffa82a8238cef36629aff6f3a10c0N.exe
.dll windows:4 windows x86 arch:x86

4f2249776da5c4aa5b6ac5a4466bc73c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

tptputils

tptp_postSemaphore
tptp_realloc
tptp_malloc
getXmlFragmentElementInt
tptp_deleteSemaphore
tptp_waitSemaphore
tptp_initializeSemaphore
parsePropertyListEntry
tptp_free
getXmlFragmentElementString
native2unicode
tableGet
tptp_releaseWriteLock
tptp_getWriteLock
tptpStartThread
getStringListParam
make_dime_header
parseCommand
tptp_list_remove
isEqualString
tptp_decodeBase64
getPIDParam
tptp_list_add
tptp_getReadLock
tptp_releaseReadLock
tptp_list_init
getXmlFragmentParam
tptp_list_clear
getStringParam
getIntegerParam
init_dime_header

transportsupport

ord14
ord13
ord15
ord11
ord37
ord26
ord29
ord28
ord23
ord10
ord42
ord20
ord24
ord12
ord33
ord19

tptpbasetl

baseTL_releaseContextData
baseTL_startTimeoutThread
baseTL_storeContextData
baseTL_getNextContextID
baseTL_destroyTransportListener
baseTL_createTransportListener
baseTL_startTransportListener
baseTL_stopTransportListener
baseTL_setProcessMessageFunc
baseTL_setIncomingDataFunc
baseTL_removeDataConnectionEntry
baseTL_addControlConnectionEntry
baseTL_addDataConnectionEntry
baseTL_removeControlConnectionEntry
baseTL_getContextData

tptpcmpsupp

ra_destroyMessage
convertCommandToXML
ra_addCommandToMessage
ra_createMessage
ra_determineMessageLength
ra_mutexExit
ra_mutexEnter
ra_readMessageFromBuffer
ra_copyRASTRING
ra_createRASTRING
ra_mutexCreate
ra_generateUUID
ra_writeMessageToBuffer
ra_destroyRASTRING
ra_cloneCommand

kernel32

GetCurrentThreadId
SetEndOfFile
FlushFileBuffers
CreateFileA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RtlUnwind
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
LoadLibraryA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
InterlockedDecrement
GetLastError
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetProcAddress
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcessHeap
HeapAlloc
CloseHandle
Sleep
CreateThread
ReadFile
GetCommandLineA
HeapFree
GetVersionExA

Exports

Exports

createTransportListener
destroyTransportListener
sendData
sendMessage
setDataDescriptor
setIncomingDataFunc
setProcessMessageFunc
startTransportListener
stopTransportListener
terminateConnection
terminateDataConnection

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f2249776da5c4aa5b6ac5a4466bc73c

Headers

File Characteristics

Imports

tptputils

transportsupport

tptpbasetl

tptpcmpsupp

kernel32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 11KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 11KB

.reloc
Size: 8KB - Virtual size: 4KB