Sapgui_7[.]70_Patch_3_with_Bex_NEGOCIO_20210929_1018[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Sapgui_7.70_Patch_3_with_Bex_NEGOCIO_20210929_1018.exe
Size

132.6MB
MD5

eeeb97de985da5d80b601bab46ce872f
SHA1

29c5522720ec9314f0b3dc0af3f1fe7e48ba8cc3
SHA256

e27c6848d26ffa2496cd9bc17476ae8f95d215a4144515efe7171e8375fdeb54
SHA512

72e5e2be5834ef585bc35e4d3a59471ad4345030ae10296bb1813dc10103a9afa8f9ad726e17c56f2be8fcf63d1c37d71b13f4f28a9f93ac7d23a2847db3e23f
SSDEEP

3145728:poUtQ6mVeWrJUFQw8icYcoWCQ72hyPQfPrKp8k7XDr9TOi72OQZ4:FtQ6OriadqWLahIQfPGmsHRP7GS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Sapgui_7.70_Patch_3_with_Bex_NEGOCIO_20210929_1018.exe

Files

Sapgui_7.70_Patch_3_with_Bex_NEGOCIO_20210929_1018.exe
.exe windows:6 windows x86 arch:x86

Password: cucocarecuco

5c27b832c7926680f54fc32f5bcb7ad1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\701\w\6ix4ep9oxh\gen\src\OptU\ntintel\SapSx.pdb

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
LockResource
FindResourceExW
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
GetSystemInfo
HeapReAlloc
HeapSize
HeapDestroy
DecodePointer
LoadLibraryW
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
InitializeCriticalSectionEx
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
DeleteCriticalSection
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetEnvironmentVariableW
GetCommandLineW
RemoveDirectoryW
DeleteFileW
SetEndOfFile
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
UnmapViewOfFile
MapViewOfFile
GetStdHandle
ExitProcess
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFileType
SetFilePointerEx
SetEnvironmentVariableA
CreateFileMappingW
WideCharToMultiByte
SetLastError
CloseHandle
GetLastError
FindClose
GetFileAttributesW
CreateFileW
GetFileInformationByHandle
GetFileSizeEx
GetTempPathW
GetCurrentDirectoryW
GetTempFileNameW
SetFileAttributesW
CopyFileW
MoveFileW
Sleep
FindFirstFileW
FindNextFileW
WriteFile
ReadFile
SetFilePointer
CreateDirectoryW
GetDriveTypeW
GetWindowsDirectoryW
GetSystemDirectoryW
GetNativeSystemInfo
GetComputerNameW
GetCurrentProcess
ExpandEnvironmentStringsW
GetEnvironmentVariableW
FormatMessageW
LocalFree
GetPrivateProfileIntW
GetPrivateProfileStringW
DeviceIoControl
CreateMutexW
WaitForSingleObject
ReleaseMutex
QueryPerformanceFrequency
GetCurrentProcessId
GlobalMemoryStatusEx
QueryPerformanceCounter
OpenMutexW
FlushFileBuffers
TerminateProcess
SetErrorMode
GetCurrentThread
SetCurrentDirectoryW
ReadProcessMemory
VirtualQuery
CreateProcessW
CreatePipe
PeekNamedPipe
WaitForMultipleObjects
GetExitCodeProcess
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileSize
TryEnterCriticalSection
QueueUserWorkItem
GetModuleHandleExW
IsProcessorFeaturePresent
EncodePointer
GetStringTypeW
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
VirtualProtect
ReleaseSemaphore
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
GetFullPathNameW
CreateToolhelp32Snapshot

user32

ShowWindow
SendMessageW
GetSystemMenu
PostMessageW
IsWindow
WaitForInputIdle
AppendMenuW
DestroyMenu
DestroyWindow
DefWindowProcW
MessageBoxW
CharNextW
DialogBoxParamW
UnregisterClassW
GetActiveWindow
SetWindowLongW
GetDesktopWindow
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
SetWindowTextW
EndDialog
LoadIconW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
GetUserNameW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

shlwapi

PathIsNetworkPathW
AssocQueryStringW

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

netapi32

NetApiBufferFree
NetWkstaGetInfo

cabinet

ord20
ord21
ord23
ord22

shell32

FindExecutableW
SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW

Sections

.text
Size: 574KB - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: cucocarecuco

5c27b832c7926680f54fc32f5bcb7ad1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

comctl32

version

netapi32

cabinet

shell32

Sections

.text Size: 574KB - Virtual size: 574KB

.rdata Size: 153KB - Virtual size: 153KB

.data Size: 13KB - Virtual size: 20KB

.rsrc Size: 51KB - Virtual size: 50KB

.reloc Size: 33KB - Virtual size: 32KB

.text
Size: 574KB - Virtual size: 574KB

.rdata
Size: 153KB - Virtual size: 153KB

.data
Size: 13KB - Virtual size: 20KB

.rsrc
Size: 51KB - Virtual size: 50KB

.reloc
Size: 33KB - Virtual size: 32KB