TECLADO[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TECLADO.rar
Size

69KB
MD5

0751fc350d17d669e7284d0174f3847c
SHA1

a5a887b468bb56782e91fd448f01d999e9cd28df
SHA256

ed9e4541e1b79d14d81888a49c3389fe3e64135df7fd4c39665930345ec747af
SHA512

f45e920506a0e22422a1f0f95270c2ec0db3c02bfd807202c9ac0e8297eec7cbfd9b9dedd39fe195f2bf13efa11d942cac342a34dab4ac3fd7ac490e21b65f57
SSDEEP

1536:TnrH43+3zqRGb0v7ACOK7HLGt0026aDkqW9xnEW2NZTTdb/rI1:Tc2Y/LOK7HLGt0J63zPUQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/socd_cleaner.exe

Files

TECLADO.rar
.rar
socd_cleaner.exe
.exe windows:6 windows x64 arch:x64

e8eb2df32e872fe0b1124a29f0c20765

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

GetKeyNameTextW
DispatchMessageA
TranslateMessage
GetMessageW
CheckRadioButton
RegisterClassExW
LoadCursorA
LoadIconA
SetWinEventHook
DefWindowProcW
SetFocus
PostQuitMessage
GetWindowThreadProcessId
GetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExA
MapVirtualKeyW
SendInput
CallNextHookEx
CreateWindowExW
wsprintfW
MessageBoxA

shlwapi

PathStripPathA

kernel32

TlsSetValue
WriteConsoleW
SetEndOfFile
HeapReAlloc
HeapSize
GetFileSizeEx
ReadConsoleW
ReadFile
SetFilePointerEx
CreateFileW
FlushFileBuffers
GetProcessHeap
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetLastError
ExitProcess
OpenProcess
QueryFullProcessImageNameA
CloseHandle
GetModuleHandleA
FreeConsole
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
FindClose
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8eb2df32e872fe0b1124a29f0c20765

Headers

DLL Characteristics

File Characteristics

Imports

user32

shlwapi

kernel32

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 3KB - Virtual size: 58KB

.pdata Size: 5KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 252B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 3KB - Virtual size: 58KB

.pdata
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 252B

.reloc
Size: 2KB - Virtual size: 1KB