046c9189dd185ffb5c619e1177b651dbc4bc8861a52bb4e6c54355db652ad745

Sharing

Copy URL Twitter E-mail

General

Target

046c9189dd185ffb5c619e1177b651dbc4bc8861a52bb4e6c54355db652ad745
Size

1.4MB
MD5

654a441e3c7355bd0761cb1c1a8ddfa7
SHA1

d2fdffb07d03fbaf48e863b91245e38ff840c836
SHA256

046c9189dd185ffb5c619e1177b651dbc4bc8861a52bb4e6c54355db652ad745
SHA512

c23ac3648b3fa9dd3be6921c83e6f51bcaa2630921206fbf7b1f8d23da9d59521cb42b1081a62c89341f7933174c472b2b61085443be782b2cb741c2faf0b679
SSDEEP

24576:sQbSsN5NdbSaNpmyKhz82ulzz8T2joesf1/EB5NgiZI2SeSJ:WsHpmw2ulk2joL1cBJZI2NSJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
046c9189dd185ffb5c619e1177b651dbc4bc8861a52bb4e6c54355db652ad745

Files

046c9189dd185ffb5c619e1177b651dbc4bc8861a52bb4e6c54355db652ad745
.exe windows:5 windows x86 arch:x86

4e07f6892d3ff308d4e100287b1fc071

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\rc_v12_pro_20230922\Build\Release\WPSOffice\office6\wpsoffice_pro.pdb

Imports

kernel32

CloseHandle
GetLastError
GetCurrentProcessId
TerminateProcess
OpenProcess
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
GetCommandLineW
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateProcessW
FindResourceExW
GetModuleHandleW
LoadResource
LockResource
SizeofResource
FindResourceW
CopyFileW
MultiByteToWideChar
VerSetConditionMask
CreateFileW
GetFileAttributesExW
ReadFile
WaitForSingleObject
CreateMutexW
GetLocalTime
SetDllDirectoryW
VerifyVersionInfoW
SetEvent
CreateEventW
Sleep
GetExitCodeProcess
GetCurrentThreadId
LocalFree
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetSystemTime
SystemTimeToFileTime
ReleaseMutex
OpenMutexW
GetSystemDirectoryW
GetSystemWow64DirectoryW
WideCharToMultiByte
DeleteFileW
GetFileAttributesW
WriteFile
CreateThread
GetTickCount
VirtualQuery
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
QueueUserWorkItem
UnregisterWaitEx
FlushFileBuffers
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetNamedPipeHandleState
WaitNamedPipeW
GetOverlappedResult
CancelIo
GetCurrentProcess
LocalAlloc
SetUnhandledExceptionFilter
GetProcessId
LoadLibraryExW
SetErrorMode
GetModuleHandleExW
VirtualAlloc
VirtualFree
GetDriveTypeW
GetTempPathW
GetStartupInfoW
GetDllDirectoryW
CreateDirectoryW
GetPrivateProfileStringW
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThread
GetThreadTimes
SetEndOfFile
WriteConsoleW
SetStdHandle
GetSystemInfo
VirtualProtect
LoadLibraryExA
CompareFileTime
FindClose
FindFirstFileW
FindNextFileW
GetFileSizeEx
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
lstrlenW
GetPrivateProfileIntW
GetUserDefaultUILanguage
ExpandEnvironmentStringsW
ProcessIdToSessionId
GetStringTypeW
TryEnterCriticalSection
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
OutputDebugStringW
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
CreateTimerQueue
RtlUnwind
GetCommandLineA
ExitThread
SetConsoleCtrlHandler
GetStdHandle
ExitProcess
SetEnvironmentVariableW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetConsoleCP
GetConsoleMode
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW

krpt

?_force_link_krpt@@YGXXZ

Exports

Exports

GetHostInterface
MdCallBack
MdCallBack12
ksGetHWND
wdGetApplicationObject

Sections

.text
Size: 916KB - Virtual size: 915KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e07f6892d3ff308d4e100287b1fc071

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

krpt

Exports

Exports

Sections

.text Size: 916KB - Virtual size: 915KB

.rdata Size: 202KB - Virtual size: 202KB

.data Size: 26KB - Virtual size: 47KB

.rsrc Size: 239KB - Virtual size: 238KB

.reloc Size: 49KB - Virtual size: 49KB

.text
Size: 916KB - Virtual size: 915KB

.rdata
Size: 202KB - Virtual size: 202KB

.data
Size: 26KB - Virtual size: 47KB

.rsrc
Size: 239KB - Virtual size: 238KB

.reloc
Size: 49KB - Virtual size: 49KB