f381511451e70605f664a2ab150923aedfb67822b4eb91e991b3d0505831876b

Sharing

Copy URL Twitter E-mail

General

Target

f381511451e70605f664a2ab150923aedfb67822b4eb91e991b3d0505831876b
Size

227KB
MD5

aba74fe879c8452e9f6625e50ca53c81
SHA1

4906ead7c90b9ead5a5e403e733dbecc9f028507
SHA256

f381511451e70605f664a2ab150923aedfb67822b4eb91e991b3d0505831876b
SHA512

d6a142364c046ad381fb7a4fb14db95c67e8fd6e33009fd12f880cc7e426e324c2c01c35b4ae50cf2c17554c509d3cdd8df57873fe826fb251eb863c36cf7736
SSDEEP

1536:sv6Hb0seVeDtyv8MJ/ArNbudvkBOfkgqLsmpb4W+3KO6Uy6LNbC:Bb0sepvnJIrlokc8gssy06URLNbC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f381511451e70605f664a2ab150923aedfb67822b4eb91e991b3d0505831876b

Files

f381511451e70605f664a2ab150923aedfb67822b4eb91e991b3d0505831876b
.exe windows:4 windows x86 arch:x86

9e6172447829999d8a3bffdaaa8359bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

svenbase.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@RegisterModule$qqrp17System@TLibModule
@System@@Halt0$qqrv
@System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule
@System@@DoneExcept$qqrv
@System@@HandleFinally$qqrv
@System@@HandleOnException$qqrv
@System@ExceptAddr$qqrv
@Objects@CallStack$qqrpc
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@ShowException$qqrp14System@TObjectpv
@Sysutils@EAccessViolation@
@Sysutils@Exception@
@Svenlib@initialization$qqrv
@Svenlib@Finalization$qqrv
@Svenlib@SvnInit$qqr18Svenlib@SvnIniType
@Svenlib@SvnExit$qqrv
@Svenlib@writesveninichecked$qqrpct1t1ioi
@Svenlib@getsveniniprofilestring$qqrpct1t1i
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Win2kext@initialization$qqrv
@Win2kext@Finalization$qqrv
@Odialogs@initialization$qqrv
@Odialogs@Finalization$qqrv
@Menus@initialization$qqrv
@Menus@Finalization$qqrv
@Actnlist@initialization$qqrv
@Actnlist@Finalization$qqrv
@Graphics@initialization$qqrv
@Graphics@Finalization$qqrv
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Themes@initialization$qqrv
@Themes@Finalization$qqrv
@Controls@initialization$qqrv
@Controls@Finalization$qqrv
@Uxtheme@initialization$qqrv
@Uxtheme@Finalization$qqrv
@Multimon@initialization$qqrv
@Multimon@Finalization$qqrv
@Dwmapi@initialization$qqrv
@Dwmapi@Finalization$qqrv
@Forms@initialization$qqrv
@Forms@Finalization$qqrv
@Helpintfs@initialization$qqrv
@Helpintfs@Finalization$qqrv
@Dialogs@initialization$qqrv
@Dialogs@Finalization$qqrv
@Printers@initialization$qqrv
@Printers@Finalization$qqrv
@Extctrls@initialization$qqrv
@Extctrls@Finalization$qqrv
@Graphutil@initialization$qqrv
@Graphutil@Finalization$qqrv
@Clipbrd@initialization$qqrv
@Clipbrd@Finalization$qqrv
@Flatsb@initialization$qqrv
@Flatsb@Finalization$qqrv
@Oleserver@initialization$qqrv
@Oleserver@Finalization$qqrv
@Comobj@initialization$qqrv
@Comobj@Finalization$qqrv
@Olectrls@initialization$qqrv
@Olectrls@Finalization$qqrv
@Axctrls@initialization$qqrv
@Axctrls@Finalization$qqrv
@Xdom_2_3@initialization$qqrv
@Xdom_2_3@Finalization$qqrv
@Misamlib@initialization$qqrv
@Misamlib@Finalization$qqrv
@Svresdll@initialization$qqrv
@Svresdll@Finalization$qqrv
@Svendll@initialization$qqrv
@Svendll@Finalization$qqrv
@Buttons@initialization$qqrv
@Buttons@Finalization$qqrv
@Win32crt@initialization$qqrv
@Win32crt@Finalization$qqrv
@Svnarith@initialization$qqrv
@Svnarith@Finalization$qqrv
@Userlib@initialization$qqrv
@Userlib@Finalization$qqrv
@Userlib@prog_unsplash$qqrv
@Userlib@prog_splash$qqrv
@Svendb@initialization$qqrv
@Svendb@Finalization$qqrv
@Svendb@DBExit$qqrv
@Svendb@DBInit$qqr22Svenlib@ParaAccessTypeo
@Logfile@initialization$qqrv
@Logfile@Finalization$qqrv
@Sventype@TypInit$qqrv
@Tcpipcon@initialization$qqrv
@Tcpipcon@Finalization$qqrv
@Winint@initialization$qqrv
@Winint@Finalization$qqrv
@Leadlib@initialization$qqrv
@Leadlib@Finalization$qqrv
@Xisamlib@initialization$qqrv
@Xisamlib@Finalization$qqrv
@Scan@initialization$qqrv
@Scan@Finalization$qqrv
@Comctrls@initialization$qqrv
@Comctrls@Finalization$qqrv
@Extactns@initialization$qqrv
@Extactns@Finalization$qqrv
@Extdlgs@initialization$qqrv
@Extdlgs@Finalization$qqrv
@Mapi@initialization$qqrv
@Mapi@Finalization$qqrv
@Infounit@initialization$qqrv
@Infounit@Finalization$qqrv
@Dev_init@initialization$qqrv
@Dev_init@Finalization$qqrv
@Svserio@initialization$qqrv
@Svserio@Finalization$qqrv
@Dlldata@initialization$qqrv
@Dlldata@Finalization$qqrv
@Stat_def@initialization$qqrv
@Stat_def@Finalization$qqrv
@P_crypt@initialization$qqrv
@P_crypt@Finalization$qqrv
@Multisel@initialization$qqrv
@Multisel@Finalization$qqrv
@Ibmpos@initialization$qqrv
@Ibmpos@Finalization$qqrv
@Odbcstub@initialization$qqrv
@Odbcstub@Finalization$qqrv
@Ibasstub@initialization$qqrv
@Ibasstub@Finalization$qqrv
@Pdx_stub@initialization$qqrv
@Pdx_stub@Finalization$qqrv
@Svbde@initialization$qqrv
@Svbde@Finalization$qqrv
@Fixbde4gbbug@initialization$qqrv
@Fixbde4gbbug@Finalization$qqrv
@Busyproz@initialization$qqrv
@Busyproz@Finalization$qqrv
@Erptfact@initialization$qqrv
@Erptfact@Finalization$qqrv
@Sendmail@initialization$qqrv
@Sendmail@Finalization$qqrv
@Idsysvcl@initialization$qqrv
@Idsysvcl@Finalization$qqrv
@Idglobal@initialization$qqrv
@Idglobal@Finalization$qqrv
@Idstack@initialization$qqrv
@Idstack@Finalization$qqrv
@Idwinsock2@initialization$qqrv
@Idwinsock2@Finalization$qqrv
@Idwship6@initialization$qqrv
@Idwship6@Finalization$qqrv
@Idstackwindows@initialization$qqrv
@Idstackwindows@Finalization$qqrv
@Idcomponent@initialization$qqrv
@Idcomponent@Finalization$qqrv
@Idiohandlerstack@initialization$qqrv
@Idiohandlerstack@Finalization$qqrv
@Idiohandler@initialization$qqrv
@Idiohandler@Finalization$qqrv
@Idemailaddress@initialization$qqrv
@Idemailaddress@Finalization$qqrv
@Idglobalprotocols@initialization$qqrv
@Idglobalprotocols@Finalization$qqrv
@Idcharsets@initialization$qqrv
@Idcharsets@Finalization$qqrv
@Idmessagecoder@initialization$qqrv
@Idmessagecoder@Finalization$qqrv
@Idmessage@initialization$qqrv
@Idmessage@Finalization$qqrv
@Idcodermime@initialization$qqrv
@Idcodermime@Finalization$qqrv
@Idthread@initialization$qqrv
@Idthread@Finalization$qqrv
@Idssl@initialization$qqrv
@Idssl@Finalization$qqrv
@Idcoderbinhex4@initialization$qqrv
@Idcoderbinhex4@Finalization$qqrv
@Idmessagecoderxxe@initialization$qqrv
@Idmessagecoderxxe@Finalization$qqrv
@Idmessagecoderuue@initialization$qqrv
@Idmessagecoderuue@Finalization$qqrv
@Idcoderxxe@initialization$qqrv
@Idcoderxxe@Finalization$qqrv
@Idcoderuue@initialization$qqrv
@Idcoderuue@Finalization$qqrv
@Idmessagecodermime@initialization$qqrv
@Idmessagecodermime@Finalization$qqrv
@Idmessagecoderquotedprintable@initialization$qqrv
@Idmessagecoderquotedprintable@Finalization$qqrv
@Idsasl@initialization$qqrv
@Idsasl@Finalization$qqrv
@Wffndisp@initialization$qqrv
@Wffndisp@Finalization$qqrv
@Dbkeysup@initialization$qqrv
@Dbkeysup@Finalization$qqrv
@Dbtables@initialization$qqrv
@Dbtables@Finalization$qqrv
@Sqltimst@initialization$qqrv
@Sqltimst@Finalization$qqrv
@Db@initialization$qqrv
@Db@Finalization$qqrv
@Widestrings@initialization$qqrv
@Widestrings@Finalization$qqrv
@Fmtbcd@initialization$qqrv
@Fmtbcd@Finalization$qqrv
@Dlldb@initialization$qqrv
@Dlldb@Finalization$qqrv
@Jpeg@initialization$qqrv
@Jpeg@Finalization$qqrv
@Navig@initialization$qqrv
@Navig@Finalization$qqrv
@Svicndll@initialization$qqrv
@Svicndll@Finalization$qqrv
@Stat_tsk@initialization$qqrv
@Stat_tsk@Finalization$qqrv
@Svpdfdll@initialization$qqrv
@Svpdfdll@Finalization$qqrv

kernel32

GetModuleHandleA
FreeLibrary

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 268B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e6172447829999d8a3bffdaaa8359bd

Headers

File Characteristics

Imports

svenbase.bpl

kernel32

Sections

.text Size: 4KB - Virtual size: 3KB

.itext Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 28B

.bss Size: - Virtual size: 268B

.idata Size: 13KB - Virtual size: 13KB

.reloc Size: 1024B - Virtual size: 968B

.rsrc Size: 206KB - Virtual size: 206KB

.text
Size: 4KB - Virtual size: 3KB

.itext
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 28B

.bss
Size: - Virtual size: 268B

.idata
Size: 13KB - Virtual size: 13KB

.reloc
Size: 1024B - Virtual size: 968B

.rsrc
Size: 206KB - Virtual size: 206KB