129d74df233f445c9661363cc7370cf0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

129d74df233f445c9661363cc7370cf0N.exe
Size

1.5MB
MD5

129d74df233f445c9661363cc7370cf0
SHA1

c2574bf5a5f508eecd4f9b690e0dd71667745776
SHA256

01f24f726d56256e62c013ddac0702de369330b13b8cc6ed6f748526308fe8e0
SHA512

cf37a7422ee7763b699907a5e3247352a0b37214ce77479d7dd6712acec5e03db77c84fbfd72e53147b5b977ffa81203da6ae527d4433196c9c853c1a387b382
SSDEEP

12288:G94lYD7/fYxQyfNUWktXpt4kprrYrbU0LKJvejCLWllTePrFl3d:G94lYD7/fYxQyfbkZpt47HU0LK9XJf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
129d74df233f445c9661363cc7370cf0N.exe

Files

129d74df233f445c9661363cc7370cf0N.exe
.exe windows:4 windows x86 arch:x86

2c38eb65227913e9cf6f4798e622d1b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?symContextInit
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?conNNewNil
?symPrivateConst
?momSOff
ACREATE
?symRefItemConst
?conMemberToItem
?conSendItem
?getRFPC
?conAssignRefWMember
?domAssign
PCOUNT
__vft19ConNumericIntObject10AtomObject
TRIM
?pushCodeBlock
AADD
SETAPPFOCUS
?getWFPC
APPEVENT
?retNil
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
DBUSEAREA
DBRLOCK
?getWCFC
DBRUNLOCK
DBCLOSEAREA
?domSub
?passParameter
?domValXEql
?retStackItem
__vft21ConNumericFloatObject10AtomObject
__vft14ConLogicObject10AtomObject
__vft20ConStringConstObject10AtomObject
__vft14ConStringShort10AtomObject
ARRAY
NATIONMSG
?domAdd
DIRECTORY
SET
SECONDS
ALLTRIM
LEN
?domNot
?retStackValue
SUBSTR
VAL
?domGetElem
?domNEql
?orShortCut
?domOr
?andShortCut
?domAnd
DBGOBOTTOM
TONE
DBGOTOP
DBGOTO
DBSKIP
MSGBOX
DBSELECTAREA
NETERR
ORDLISTCLEAR
ORDLISTADD
DBDELETE
DBPACK
EOF
ORDSETFOCUS
UPPER
_EARLYBOUNDCODEBLOCK
DBLOCATE
FOUND
LASTREC
?domGCmp
DBAPPEND
RECNO
DBCOMMIT
?domInc
?domEql
DBSEEK
PADR
CDOW
CMONTH
DAY
STR
LTRIM
PADL
YEAR
DATE
CONFIRMBOX
?symParameterConst
?symGetItemConst
ASC
INT
AT
?domNegate
?domXEql
FEXISTS
DBCREATE
FILE
DBCREATEINDEX
THREAD
FERASE
?domRefElem
ACLONE
DBCLOSEALL
?conNewNil
?executeMacro
LEFT
TRANSFORM
XBPFONT
GRASTRINGAT
DELETED
DTOC
CTOD
ABS
CREATEDIR
CURDRIVE
BREAK
ERRORBLOCK
CURDIR
?ehUnsetContext
?ehGetBreakContainer
?conRelease
CHR
RAT
ASIZE
?domValLECmp
?domMul
ROUND
STOD
?symPublicConst
SETAPPWINDOW
DBCOMMITALL
_QUIT
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_2_00_0
___xpprt1Version

xppsys

SCATTER
GRASETFONT
APPEXIT
DBESYS
ERRORSYS

xppdui

XBPDIALOG
XBPSTATIC
XBPSLE
XBPPUSHBUTTON
XBPRADIOBUTTON
XBPCOMBOBOX
XBPMLE
XBPCHECKBOX
XBPPRESSPACE
XBPLISTBOX
XBPMENU

xppdbgc

__XPPdbgClient

xppui2

XBPPRINTDIALOG

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c38eb65227913e9cf6f4798e622d1b7

Headers

File Characteristics

Imports

xpprt1

xppsys

xppdui

xppdbgc

xppui2

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.data Size: 182KB - Virtual size: 182KB

.xpp Size: 6KB - Virtual size: 6KB

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 61KB - Virtual size: 60KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 182KB - Virtual size: 182KB

.xpp
Size: 6KB - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 61KB - Virtual size: 60KB