395a8253396260c0ba8c3ae4ff6606eac5c7b26ad035a5443aaa12cb5e3f3162

Sharing

Copy URL

Twitter E-mail

General

Target

395a8253396260c0ba8c3ae4ff6606eac5c7b26ad035a5443aaa12cb5e3f3162
Size

140KB
MD5

0b1b9769a54a328421bc76e2883135a0
SHA1

4ac53996da4fdd5fbcfbbd51694fe684c4dff698
SHA256

395a8253396260c0ba8c3ae4ff6606eac5c7b26ad035a5443aaa12cb5e3f3162
SHA512

4eb35ecefd6c6ab5bc419829bf1a200665bb47ac31c913f3c0a16532a41b0de892716b31cbda62c2af6ea82cf215985f111389d1834d0b8eed611829b2261665
SSDEEP

3072:60Fc1mspzqpHm3qeotLsBDC4H9PMQtehH++dqf:bO1m+zqg39otIBDCQweCqf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
395a8253396260c0ba8c3ae4ff6606eac5c7b26ad035a5443aaa12cb5e3f3162

Files

395a8253396260c0ba8c3ae4ff6606eac5c7b26ad035a5443aaa12cb5e3f3162
.exe windows:1 windows x86 arch:x86

c5c48cb972c4cdda650b013598f35a1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

claasc

ASCII

clados

DOS

clanet

NetCloseCallBackWindow
NetDebugTrace

clarun

Cla$ADDqueue
Cla$ADDqueuekey
Cla$CLEAR
Cla$clearstr
Cla$ClearType
Cla$CLOSEwindow
Cla$code
Cla$COMMAND
Cla$comparestr
Cla$DATE
Cla$DecAdd
Cla$DecDistinct
Cla$DecDivide
Cla$DecMul
Cla$DecSubR
Cla$DELETEqueue
Cla$DInt
Cla$DISPLAY
Cla$Dlongpower
Cla$DPopDec
Cla$DPopLong
Cla$DPopReal
Cla$DPopUlong
Cla$DPushConstant
Cla$DPushDec
Cla$DPushLong
Cla$DPushULong
Cla$EndEventLoop
Cla$EndEventLoops
Cla$ERRORCODE
Cla$EVENT
Cla$FileExists
Cla$FILE_ADDf
Cla$FILE_CLOSE
Cla$FILE_CREATE
CLA$FILE_DESTROY
Cla$FILE_GET_PROPERTY
Cla$FILE_OPEN
Cla$FILE_SET_PROPERTY
Cla$FREEqueue
Cla$FREEqueuea
Cla$freestr
Cla$FreeUfo
Cla$freewindow
Cla$GETINI
Cla$GetPropS
Cla$GETqueuekey
Cla$GETqueueptr
Cla$HALT
Cla$init
Cla$LONGPATH
Cla$Mem2Ufo
Cla$MessageBox
Cla$modulus
Cla$NewMemT
Cla$OPENwindow
Cla$paopen
Cla$PopCString
Cla$PopString
Cla$PopTemp
Cla$POPUP
Cla$POST
Cla$PushCString
Cla$PushLong
Cla$PushPictDec
Cla$PushPictLong
Cla$PushString
Cla$pwopen
Cla$RECORDSqueue
Cla$RemoveFile
Cla$rterr
Cla$SetPropF
Cla$SetPropS
Cla$SetPropV
Cla$Stack2DStack
Cla$StackCLIP
Cla$StackCompareN
Cla$StackCompareNEQ
Cla$StackConcat
Cla$StackConcatR
Cla$StackDEFORMAT
Cla$StackINSTRING
Cla$StackLEFT
Cla$StackLen
Cla$StackLOWER
Cla$STACKpop
Cla$StackRotate
Cla$StackSUB
Cla$StackUPPER
Cla$START1
Cla$StartEventLoop
Cla$storecstr
Cla$storedec
Cla$storestr
Cla$THREAD
Cla$THREAD_FILE
THR$GetInstance
_exit
_fnsplit
_free
_malloc
__a_chkstk
__e_index
__e_stack
__sysinit
__sysstart

common

CONFIGUREFTPCONNECTION@F19NETFTPCLIENTCONTROLsbsbsb
DBGETINI@FsbsbsbOsb
EDITFTPCONFIGURATION@Fsbsbsb
EDITWINSCPCONFIGURATION@F12STRINGTHEORY
EXECUTEWINSCP@F12STRINGTHEORY
STPARAMS@F12STRINGTHEORYsbsbOsb

cwhhla

GetTopic@F11TAGHTMLHELP
Init@F11tagHTMLHelpsbl
Kill@F11tagHTMLHelp
SetTopic@F11TAGHTMLHELPsb
TYPE$tagHTMLHelp
VMT$tagHTMLHelp

kernel32

lstrcpy
OutputDebugStringA

lspuzipx

LSUZ_EXECUTE
LSUZ_EXTRACTTO
LSUZ_GETLASTERROR
LSUZ_INCLUDE
LSUZ_INIT
LSUZ_PASSWORD
LSUZ_PIN
LSUZ_RESET
LSUZ_VER
LSUZ_ZIPNAME

tngroot

$GLOBALREQUEST
$GLOBALRESPONSE
$GNT:DISPLAYHELPTOPIC
$GNT:HELPFILEPATH
$GNT:LOCALININAME
$GNT:LOGPROCCALL
$GNT:LOGPROCCALLFILENAME
$GNT:STATIONID
$GNT:USERID
$VCRREQUEST
ABORT@F16NETFTPCLIENTDATA
ABORT@F9NETSIMPLE
ABORTING@F19NETFTPCLIENTCONTROL
ABORTSERVERCONNECTION@F9NETSIMPLEUll
ADDGLOBALPROCEDURELOGQUEUE@Fsbs
ADDITEM@F13WINDOWMANAGER12TOOLBARCLASS
APPENDTOFILE@F19NETFTPCLIENTCONTROLsbsb
ASK@F13WINDOWMANAGER
BAN@F9NETSIMPLEsb
CALCPROGRESS@F19NETFTPCLIENTCONTROL
CALCPROGRESSOPTIMIZED@F19NETFTPCLIENTCONTROL
CHANGEACTION@F13WINDOWMANAGER
CHANGEDIR@F19NETFTPCLIENTCONTROLsb
CHANGEDIRUP@F19NETFTPCLIENTCONTROL
CLARIONTOUNIXDATE@F7_NETALLll
CLOSE@F16NETFTPCLIENTDATA
CLOSE@F19NETFTPCLIENTCONTROL
CLOSESERVERCONNECTION@F9NETSIMPLEUll
CONNECTIONCLOSED@F16NETFTPCLIENTDATA
CONNECTIONCLOSED@F19NETFTPCLIENTCONTROL
CONSTRUCT@F10ERRORCLASS
CONSTRUCT@F10FUZZYCLASS
CONSTRUCT@F12STRINGTHEORY
CONSTRUCT@F13SPECIALFOLDER
CONSTRUCT@F16ERRORSTATUSCLASS
CONSTRUCT@F16NETFTPCLIENTDATA
CONSTRUCT@F19NETFTPCLIENTCONTROL
CONSTRUCT@F8INICLASS
CREATEDIRIN@F13SPECIALFOLDERlsb
CREATEFOLDER@F7_NETALLsb
DELETEACTION@F13WINDOWMANAGER
DELETEFILE@F19NETFTPCLIENTCONTROLsb
DESTRUCT@F12STRINGTHEORY
DESTRUCT@F13SPECIALFOLDER
DESTRUCT@F16ERRORSTATUSCLASS
DESTRUCT@F16NETFTPCLIENTDATA
DESTRUCT@F19NETFTPCLIENTCONTROL
DONE@F19NETFTPCLIENTCONTROL
ERRORTRAP@F16NETFTPCLIENTDATAsbsb
ERRORTRAP@F19NETFTPCLIENTCONTROLsbsb
EXPECTEDSIZECHANGED@F19NETFTPCLIENTCONTROL
fc_CLOCK
fc_TODAY
FETCH@F8INICLASSsbBw
GETBANNED@F9NETSIMPLE
GETCOMMAND@F19NETFTPCLIENTCONTROL
GETCURRENTDIR@F19NETFTPCLIENTCONTROL
GETCURRENTDIRNAME@F19NETFTPCLIENTCONTROL
GETDIR@F13SPECIALFOLDERlsb
GETDIRLISTING@F19NETFTPCLIENTCONTROLsb
GETELAPSEDTIMEUTC@F7_NETALLl
GETINFO@F9NETSIMPLElll
GETREMOTEFILE@F19NETFTPCLIENTCONTROLsbsb
GETSIZE@F19NETFTPCLIENTCONTROLsb
HANDLEREPLY@F19NETFTPCLIENTCONTROL
HEXTOLONG@F9NETSIMPLEsb
INIT@F10ERRORCLASS16ERRORSTATUSCLASS
INIT@F10FUZZYCLASS
INIT@F13WINDOWMANAGER
INIT@F16NETFTPCLIENTDATAUl
INIT@F19NETFTPCLIENTCONTROLUl
INIT@F8INICLASSsbll
INSERTACTION@F13WINDOWMANAGER
INTERPRETERROR@F7_NETALL
ISBANNED@F9NETSIMPLEsb
KILL@F10FUZZYCLASS
KILL@F13WINDOWMANAGER
KILL@F19NETFTPCLIENTCONTROL
KILL@F8INICLASS
KILL@F9NETSIMPLE
LOG@F7_NETALLsbsbl
LONGTOHEX@F9NETSIMPLEl
MAKEDIR@F19NETFTPCLIENTCONTROLsb
MATCHSUBJECTWITHURL@F9NETSIMPLEsbsb
NOOP@F19NETFTPCLIENTCONTROL
OPEN@F13WINDOWMANAGER
OPEN@F13WINDOWMANAGERBwBw
OPEN@F16NETFTPCLIENTDATAsbUs
OPEN@F19NETFTPCLIENTCONTROLsbUs
PARTIALLYCLOSESERVER@F9NETSIMPLE
PING@F9NETSIMPLEsbl
POPCOMMAND@F19NETFTPCLIENTCONTROLsb
PRIME@F9NETSIMPLE
PRIMEFIELDS@F13WINDOWMANAGER
PRIMEUPDATE@F13WINDOWMANAGER
PROCESS@F16NETFTPCLIENTDATA
PROCESS@F19NETFTPCLIENTCONTROL
PROCESSIDLECONNECTION@F16NETFTPCLIENTDATA
PROCESSIDLECONNECTION@F19NETFTPCLIENTCONTROL
PUSHCOMMAND@F19NETFTPCLIENTCONTROLsbOsbOsbll12STRINGTHEORY
PUTFILE@F19NETFTPCLIENTCONTROL12STRINGTHEORYsb
PUTFILE@F19NETFTPCLIENTCONTROLsbsb
QUIT@F19NETFTPCLIENTCONTROL
REFRESHQSERVERCONNECTIONS@F9NETSIMPLEl
REMOVEDIR@F19NETFTPCLIENTCONTROLsb
RENAME@F19NETFTPCLIENTCONTROLsbsb
RESET@F13WINDOWMANAGERUc
RESTOREFIELD@F13WINDOWMANAGERl
RUN@F13WINDOWMANAGER
RUN@F13WINDOWMANAGERUsUc
SAVEONCHANGEACTION@F13WINDOWMANAGER
SAVEONINSERTACTION@F13WINDOWMANAGER
SEND@F19NETFTPCLIENTCONTROL
SEND@F9NETSIMPLE
SEND@F9NETSIMPLE12STRINGTHEORY
SEND@F9NETSIMPLEsb
SENDABOR@F19NETFTPCLIENTCONTROL
SENDAPPE@F19NETFTPCLIENTCONTROLsbsb
SENDAUTH@F19NETFTPCLIENTCONTROL
SENDCHANGEDIR@F19NETFTPCLIENTCONTROLsb
SENDCHANGEDIRUP@F19NETFTPCLIENTCONTROL
SENDCOMMAND@F19NETFTPCLIENTCONTROLsbOsb
SENDDELE@F19NETFTPCLIENTCONTROLsb
SENDLIST@F19NETFTPCLIENTCONTROLsb
SENDMKD@F19NETFTPCLIENTCONTROLsb
SENDNOOP@F19NETFTPCLIENTCONTROL
SENDPASS@F19NETFTPCLIENTCONTROL
SENDPASV@F19NETFTPCLIENTCONTROL
SENDPBSZ@F19NETFTPCLIENTCONTROL
SENDPORT@F19NETFTPCLIENTCONTROL
SENDPROT@F19NETFTPCLIENTCONTROLOsb
SENDPWD@F19NETFTPCLIENTCONTROL
SENDQUIT@F19NETFTPCLIENTCONTROL
SENDRETR@F19NETFTPCLIENTCONTROLsbsb
SENDRMD@F19NETFTPCLIENTCONTROLsb
SENDRNFR@F19NETFTPCLIENTCONTROLsb
SENDRNTO@F19NETFTPCLIENTCONTROLsb
SENDSIZE@F19NETFTPCLIENTCONTROLsb
SENDSTOR@F19NETFTPCLIENTCONTROLsbsb12STRINGTHEORY
SENDSYST@F19NETFTPCLIENTCONTROL
SENDTYPE@F19NETFTPCLIENTCONTROLsb
SENDUSER@F19NETFTPCLIENTCONTROLsb
SETALERTS@F13WINDOWMANAGER
SETBUSY@F19NETFTPCLIENTCONTROL
SETCODEPAGE@F7_NETALLOl
SETEXPECTEDSIZEFROMDIRQ@F19NETFTPCLIENTCONTROL
SETFTPTYPE@F19NETFTPCLIENTCONTROLl16NETFTPCLIENTDATA
SETOPTION@F10FUZZYCLASSUcUc
SETPROCEDURENAME@F10ERRORCLASSOsb
SETRESPONSE@F13WINDOWMANAGERUc
SETTYPE@F19NETFTPCLIENTCONTROLsb
SSLGETISSUERFIELD@F9NETSIMPLEsb
SSLGETSUBJECTFIELD@F9NETSIMPLEsb
START@F19NETFTPCLIENTCONTROL
START@F9NETSIMPLE
STARTCOMMAND@F19NETFTPCLIENTCONTROL
STOP@F19NETFTPCLIENTCONTROL
SWITCHTOSSL@F9NETSIMPLEll
SYSTEM@F19NETFTPCLIENTCONTROL
TAKEACCEPTED@F13WINDOWMANAGER
TAKECLOSEEVENT@F13WINDOWMANAGER
TAKECOMPLETED@F13WINDOWMANAGER
TAKEDISABLEBUTTON@F13WINDOWMANAGERlUc
TAKEEVENT@F13WINDOWMANAGER
TAKEEVENT@F19NETFTPCLIENTCONTROL
TAKEEVENT@F9NETSIMPLE
TAKEFIELDEVENT@F13WINDOWMANAGER
TAKENEWSELECTION@F13WINDOWMANAGER
TAKENOTIFY@F13WINDOWMANAGERlll
TAKEREJECTED@F13WINDOWMANAGER
TAKESELECTED@F13WINDOWMANAGER
TAKEWINDOWEVENT@F13WINDOWMANAGER
TRACE@F7_NETALLsb
TYPE$STRINGTHEORY
TYPE$TOOLBARCLASS
UNBAN@F9NETSIMPLEsb
UNIXTOCLARIONDATE@F7_NETALLl
UNIXTOCLARIONTIME@F7_NETALLl
UPDATE@F13WINDOWMANAGER
UPDATE@F8INICLASSsbBw
VERIFYCERTIFICATE@F9NETSIMPLE
VMT$ERRORCLASS
VMT$ERRORSTATUSCLASS
VMT$FUZZYCLASS
VMT$INICLASS
VMT$SPECIALFOLDER
VMT$STRINGTHEORY
VMT$TOOLBARCLASS
_CALLDONE@F19NETFTPCLIENTCONTROL
_CALLERRORTRAP@F16NETFTPCLIENTDATAsbsb
_CALLERRORTRAP@F19NETFTPCLIENTCONTROLsbsb
_COMMANDPRELIM@F19NETFTPCLIENTCONTROL
_DATAPRELIM@F19NETFTPCLIENTCONTROL
_FIGUREOUTDIRFORMAT@F16NETFTPCLIENTDATAsb
_FILLDIRLISTINGQ_FORMAT01@F16NETFTPCLIENTDATAsb
_FILLDIRLISTINGQ_FORMAT02@F16NETFTPCLIENTDATAsb
_FILLDIRLISTINGQ_FORMAT03@F16NETFTPCLIENTDATAsb
_FILLDIRLISTINGQ_FORMAT04@F16NETFTPCLIENTDATAsb
_FILLDIRLISTINGQ_FORMATCUSTOM@F16NETFTPCLIENTDATAsb
_FREECOMMANDQUEUE@F19NETFTPCLIENTCONTROL
_GETREMOTEFILECOMPLETED@F16NETFTPCLIENTDATA
_HANDLEABORTREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEAPPENDTOFILEREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEAUTHREPLIES@F19NETFTPCLIENTCONTROL
_HANDLECHANGEDIRREPLIES@F19NETFTPCLIENTCONTROL
_HANDLECHANGEDIRUPREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEDELETEFILEREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEGETCURRENTDIRNAMEREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEGETDIRLISTINGREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEGETREMOTEFILEREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEGETSIZEREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEMAKEDIRREPLIES@F19NETFTPCLIENTCONTROL
_HANDLENOOPREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEPASSREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEPASVREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEPBSZREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEPORTREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEPROTREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEPUTFILEREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEQUITREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEREMOVEDIRREPLIES@F19NETFTPCLIENTCONTROL
_HANDLERENAMEFROMREPLIES@F19NETFTPCLIENTCONTROLsb
_HANDLERENAMETOREPLIES@F19NETFTPCLIENTCONTROL
_HANDLESYSTEMREPLIES@F19NETFTPCLIENTCONTROL
_HANDLETYPEREPLIES@F19NETFTPCLIENTCONTROL
_HANDLEUSERREPLIES@F19NETFTPCLIENTCONTROL
_INCREMENTDATAPORT@F16NETFTPCLIENTDATA
_LOGGINGFIRSTTIME@F7_NETALL
_LOGGINGSETUP@F7_NETALL
_OPENPASSIVEDATACONNECTION@F19NETFTPCLIENTCONTROL
_PROCESSGETDIRLISTING@F16NETFTPCLIENTDATA
_PROCESSGETREMOTEFILE@F16NETFTPCLIENTDATA
_PROCESSPUTFILE@F16NETFTPCLIENTDATA
_RELEASE@F7_NETALLl
_SENDFILE@F16NETFTPCLIENTDATA
_SSLGETREMOTECERTIFICATE@F9NETSIMPLEllRl
_TRAPERRORSINPROCESS@F19NETFTPCLIENTCONTROL
_WAIT@F7_NETALLl

user32

CallWindowProcA
PostMessageA
RegisterWindowMessageA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cwtls
Size: 512B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.cwdebug
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5c48cb972c4cdda650b013598f35a1b

Headers

File Characteristics

Imports

claasc

clados

clanet

clarun

common

cwhhla

kernel32

lspuzipx

tngroot

user32

Sections

.text Size: 23KB - Virtual size: 23KB

.data Size: 12KB - Virtual size: 19KB

.cwtls Size: 512B - Virtual size: 22KB

.idata Size: 15KB - Virtual size: 14KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 3KB

.cwdebug Size: 512B - Virtual size: 28B

.text
Size: 23KB - Virtual size: 23KB

.data
Size: 12KB - Virtual size: 19KB

.cwtls
Size: 512B - Virtual size: 22KB

.idata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 3KB

.cwdebug
Size: 512B - Virtual size: 28B