1a7c3d042b86fc193c022083461512b0c31251239f9734e798748c0608f2b255

General

Target

1a7c3d042b86fc193c022083461512b0c31251239f9734e798748c0608f2b255
Size

28KB
MD5

19d47b1ce2d5b1979fb14807c6282c2e
SHA1

89098472ced9a1389f6dcfecea42a97a3ee8693e
SHA256

1a7c3d042b86fc193c022083461512b0c31251239f9734e798748c0608f2b255
SHA512

3f198fba90044a68ccd6445ea18d3d8bb994af9695db3ce18c110a6db0813c566ec92e6a0bca5c7a6190b8b8a504da6916f342dfda2400b92af8b8d4b667a478
SSDEEP

768:qhyYDTSmZ+vD/danOGGlQjj0BBthDQkcO6VGi0zL8rjk0rwNy+Dsx0g:qhyioIVGQj0BBbQFrkxLGXMyc8

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/XP3Viewer.exe
unpack001/xp3viewer.dll

Files

1a7c3d042b86fc193c022083461512b0c31251239f9734e798748c0608f2b255
.zip
XP3Viewer.exe
.exe windows:5 windows x86 arch:x86

fa9ed83e438b63fc6b4543a34083bb7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtWriteVirtualMemory
_vsnwprintf
NtClose
RtlAdjustPrivilege
NtReadVirtualMemory
RtlAllocateHeap
NtTerminateProcess
LdrLoadDll
NtGetContextThread
RtlGetFullPathName_U
LdrShutdownProcess
NtSetContextThread
NtResumeThread
NtAllocateVirtualMemory
RtlFreeHeap
NtDelayExecution
NtFreeVirtualMemory
_allmul

kernel32

WriteConsoleW
CreateProcessInternalW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Sections

.Amano
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xp3viewer.dll
.dll windows:5 windows x86 arch:x86

0ea884a23e9e40908aa23d4ee93fde8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

NtQueryAttributesFile
NtProtectVirtualMemory
NtSetContextThread
NtTerminateProcess
LdrUnloadDll
swprintf
NtFsControlFile
LdrAddRefDll
RtlInitAnsiString
NtWriteVirtualMemory
RtlGetVersion
RtlRemoveVectoredExceptionHandler
LdrGetProcedureAddress
NtQueryInformationProcess
NtWaitForSingleObject
KiUserExceptionDispatcher
NtReadVirtualMemory
NtDelayExecution
NtSetInformationProcess
NtFlushInstructionCache
RtlAddVectoredExceptionHandler
LdrLoadDll
NtGetContextThread
RtlMultiByteToUnicodeN
LdrShutdownProcess
RtlCreateUserThread
NtResumeThread
NtAllocateVirtualMemory
LdrDisableThreadCalloutsForDll
NtFreeVirtualMemory
RtlDosPathNameToNtPathName_U
NtReadFile
RtlGetCurrentDirectory_U
RtlGetFullPathName_U
RtlSetCurrentDirectory_U
RtlAllocateHeap
RtlReAllocateHeap
NtClose
RtlMoveMemory
NtCreateFile
wcsstr
RtlFreeUnicodeString
NtQueryInformationFile
RtlDestroyHeap
RtlInitUnicodeString
NtWriteFile
RtlFreeHeap
NtQueryDirectoryFile
RtlCreateHeap
_alldiv
RtlUnwind

kernel32

CreateProcessInternalW

comctl32

ord17

Sections

.Amano
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Amano2
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa9ed83e438b63fc6b4543a34083bb7e

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

ole32

Sections

.Amano Size: 3KB - Virtual size: 3KB

0ea884a23e9e40908aa23d4ee93fde8c

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

comctl32

Sections

.Amano Size: 44KB - Virtual size: 44KB

.Amano2 Size: 1KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 2KB - Virtual size: 2KB

.Amano
Size: 3KB - Virtual size: 3KB

.Amano
Size: 44KB - Virtual size: 44KB

.Amano2
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 2KB - Virtual size: 2KB