492bf60d291d41316d4cfb7e31fb875c6e5c7371bb2a5375348b0e207610e3a2

Sharing

Copy URL Twitter E-mail

General

Target

492bf60d291d41316d4cfb7e31fb875c6e5c7371bb2a5375348b0e207610e3a2
Size

310KB
MD5

c2249157a0ce23f6beec9c760637e7a0
SHA1

75030885e24a284bb8ae14db56e53c0373e527aa
SHA256

492bf60d291d41316d4cfb7e31fb875c6e5c7371bb2a5375348b0e207610e3a2
SHA512

a75a6586bd0a575a05f9ddb0684e391b061701b6e292bc04cb657a6057b78043f60325106fce3aca04ed43fb03abd7e3bbfda3ab94b1078e610f3ccf9f56e739
SSDEEP

6144:MZIO9SF+qJLXIS6JbdKCdCRjxbRVNFYGoA2PfjUn:MZEjroIUCRjxbRVPRo9r8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
492bf60d291d41316d4cfb7e31fb875c6e5c7371bb2a5375348b0e207610e3a2

Files

492bf60d291d41316d4cfb7e31fb875c6e5c7371bb2a5375348b0e207610e3a2
.dll windows:5 windows x86 arch:x86

af2c987e1cfba9b37d0ab4842d955793

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\po\trunk\modules\rptcache\Release\rptcache32.pdb

Imports

kernel32

GetLastError
CopyFileW
DeleteFileW
CloseHandle
GetLocalTime
EnterCriticalSection
lstrcmpW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
InterlockedExchange
GetLocaleInfoA
GetLocaleInfoW
LeaveCriticalSection
Sleep
InitializeCriticalSection
WaitForSingleObject
lstrlenA
DisableThreadLibraryCalls
lstrcmpA
CreateFileA
FindFirstFileW
VirtualQuery
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
HeapFree
SetEvent
GetModuleHandleW
GetTickCount
WriteFile
WideCharToMultiByte
lstrcpynW
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
ReadFile
GetModuleFileNameW
CreateFileW
GetACP
MultiByteToWideChar
lstrlenW
GetCurrentDirectoryW
SetLastError
GetProcAddress
FindClose
LoadLibraryA
CreateEventW
RemoveDirectoryW
Module32FirstW
GetModuleHandleA
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
Module32NextW
FileTimeToLocalFileTime
GetCurrentProcessId
LocalFree
lstrcpyW
SetFileAttributesW
lstrcpyA
GetCurrentThreadId
CreateThread
GetWindowsDirectoryW
OutputDebugStringW
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
VirtualAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW

advapi32

RegCreateKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegSetKeySecurity
FreeSid
RegEnumValueW
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW

shlwapi

wnsprintfW
SHDeleteValueW
PathFileExistsW
SHDeleteKeyW
StrStrIW
PathFindFileNameW
PathAppendW
SHGetValueW
SHSetValueW
StrChrA
wnsprintfA
wvnsprintfA
StrCatBuffW
SHGetValueA
PathIsDirectoryW
wvnsprintfW
StrNCatW

ws2_32

WSAGetLastError
recvfrom
WSAStartup
bind
socket

shell32

SHGetSpecialFolderPathW
ord165

ole32

CoCreateGuid

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af2c987e1cfba9b37d0ab4842d955793

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shlwapi

ws2_32

shell32

ole32

Sections

.text Size: 236KB - Virtual size: 235KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 10KB - Virtual size: 21KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 236KB - Virtual size: 235KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 10KB - Virtual size: 21KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB