698b5931fcb1e2b9d00ab66e2e09a5a73be59f6cea6465a5b9c6934db409b02cN[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

698b5931fcb1e2b9d00ab66e2e09a5a73be59f6cea6465a5b9c6934db409b02cN.exe
Size

1.6MB
MD5

15cac2cef214be8f6eaddbc5c8c872c0
SHA1

68cf2573061202b8416e71098b8f94ca60c4a072
SHA256

698b5931fcb1e2b9d00ab66e2e09a5a73be59f6cea6465a5b9c6934db409b02c
SHA512

f95ae46d4f570cd9d99d7db4698583a0c1752e58622a57a1055798cc6271f4e5a0a53046c5f8d3f0cbc528b73fede340937420fc5b1976541ef954cfa2759b25
SSDEEP

12288:qK2DM9zWSvbCGDO0x4kpuKxkGnUXEFR+mNtl49Ea+:qKWM0SveIOw4kpuKeGxt4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
698b5931fcb1e2b9d00ab66e2e09a5a73be59f6cea6465a5b9c6934db409b02cN.exe

Files

698b5931fcb1e2b9d00ab66e2e09a5a73be59f6cea6465a5b9c6934db409b02cN.exe
.exe windows:4 windows x86 arch:x86

f9ea4080f83a5347ffbbd08000955e0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

leri7

ACE32INIT
DOSTEPHASLO
JEST_LICEN
JEST_DYSK
FREECURSOR
MEVENTCLR
KALKULATOR
WYLICZSIZEDA
WSTOOLBAR
WSSTATUSBAR
TESTSAY_0
KLUCZASCII
WSTESTSAY
CONVSTR
LSTARRAY
WSNGLWIN
KLAW__POLE
WSMLETEXT
KLAW__KLAW
WSOPENWIN
WSEVENTKEY
GETDATAALL
WSCLOSEWIN
WSCLOSEGLOB
DELCHILDLIST
UWAGASAY
WSCHECKBOX
WSGETTEXT
WSEVENT
WSSAYING
WSTEXT
WSXBITMAP
WSBUTTON
WYBORPLIKU
PYTAJSAY
TABELAADS
SQLCURSOR
WINITVARS
WCLRVARS
WEQUVARS
DESZYFR
WREPLVARS
WFREEVARS
WSRAMKA
WSGETNUM
VALIDALL
WSEDITGET
FREADLN
LSTBROWSE
STABILIZACJA
WYLBRSZER
WSBROWSE
BROWSEREK
BLOKBAZA
SZYFR
LINIAGET
DISABLECHILDWIN
DELDATAALL
ENABLECHILDWIN
WSSTEELSAY
WSSTEEL
WSTREEVIEW
TEST_BLANK
WSCOMBOBOX
WSGETDATE
POKAZSAY
WSSLETEXT
STARTDRUK
STOPDRUK
PRINT_PLIK
KALKULGL
WSUWAGASAY
TEST_BLOK
SQL_USE
BLOKREKORD
WSSPINBUTTON
ADS_USE
PISZTEKST
WYSLIJERROR
ADSCONNECT60
ADSDISCONNECT
ADSDDCREATE
ADSSQLCMD
ADSCREATETABLE
ADSAPPENDRECORD
ADSWRITERECORD
ADSCLOSEALLINDEXES
ADSCLOSETABLE
ADSOPENTABLE
ADSCREATEINDEX
ADSDDDELETEINDEX
ADSDDREMOVEINDEXFILE
ADSREINDEX
ADSDDFINDFIRSTOBJECT
ADSDDFINDNEXTOBJECT
ADSDDFINDCLOSE
ADSGETNUMFIELDS
ADSGETFIELDNAME
ADSGETFIELDTYPE
ADSGETFIELDLENGTH
ADSGETFIELDDECIMALS
ADSGETNUMINDEXES
ADSGETALLINDEXES
ADSGETINDEXNAME
ADSGETINDEXEXPR
ADSISINDEXDESCENDING
ADSPACKTABLE
ADSZAPTABLE
ADSDDCREATEUSER
ADSDDSETUSERPROPERTY
ADSDDREMOVETABLE
TXTSQL
FLOATSQL
INTSQL
DATASQL

xbzlib

XBZLIBZIP

xppui2

XBPFILEDIALOG

xbtbase1

STRFILE
HEXTOSTR
CRYPT
TOKEN
DIRMAKE
FILECOPY
COM_OPEN
COM_CLOSE
MILLISEC
SETDATE
SETTIME
FLOOR
DIRCHANGE
CEILING
NUMTOKEN
BOM
NTOC

xbtbase2

FILESTR
LTOC

asxml10

XMLGETTAG
XMLDOCOPENSTRING
XMLDOCGETERRORLIST
XMLDOCGETROOTTAG
XMLDOCOPENFILE
XMLDOCCLOSE

asinet10

LOADFROMURL

adac20b

DACSESSION

adsutil

_ADSSETDATEFORMAT
_ADSIMPORT

ascom10

XBPACTIVEXCONTROL

odbcut10

SQLSTMTEXEC

asinet1c

SOCKETGETHOSTNAME
SOCKETGETHOSTBYNAME
SOCKETINETNTOA

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?conNewNil
?symContextInit
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?momSOff
LOADRESOURCE
?domGetElem
?symPublicConst
?retNil
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
?conNNewNil
ACREATE
SETAPPWINDOW
CURDRIVE
?domAdd
CURDIR
?getRFPC
?conAssignRefWMember
?domAssign
__vft14ConLogicObject10AtomObject
?pushCodeBlock
?conSendItem
SETAPPFOCUS
EMPTY
?retStackValue
?symRefItemConst
TIME
LEFT
DATE
DAY
STRZERO
RIGHT
MONTH
STR
FILE
?andShortCut
?domNot
?domAnd
_BREAK
?getWFPC
?domAddEqu
DBCLOSEAREA
ALLTRIM
SELECT
?ehUnsetContext
?ehGetBreakContainer
?conRelease
_QUIT
APPEVENT
ASCAN
?domNEql
EVAL
?domEql
?domGCmp
?domLCmp
?passParameter
?conNewCon
XBPHELP
__vft20ConStringConstObject10AtomObject
__vft19ConNumericIntObject10AtomObject
RUNSHELL
?domSubStr
?orShortCut
?domOr
__vft21ConNumericFloatObject10AtomObject
?domInc
ISMEMVAR
SPACE
DTOC
ISPRINTER
CHR
REPLICATE
PADR
PADL
SUBSTR
UPPER
_COPYFILE
DLLLOAD
MSGBOX
DLLPREPARECALL
DLLEXECUTECALL
DLLUNLOAD
RTRIM
STRTRAN
AT
?retStackItem
DIRECTORY
LEN
AADD
AEVAL
?domValSubStr
?conMemberToItem
?conNewLogic
INT
FEXISTS
RAT
CREATEDIR
ARRAY
?domRefElem
?domSubEqu
?domValEql
YEAR
DBSELECTAREA
DBDELETE
DBEVAL
VAL
DBUSEAREA
NETERR
DBGOTOP
EOF
DBAPPEND
DBSKIP
USED
?domXEql
?conOpNewInt
FERASE
FSIZE
?getWCFC
FOPEN
DBCREATE
INDEXORD
_KEYBOARD
BOF
VALTYPE
STOD
DTOS
GETENV
ALIAS
RECNO
?floadTos
DBPACK
?setSWArea
?restWArea
?getRFSC
DBCOMMIT
?getRCFC
DBGOTO
LTRIM
POSTAPPEVENT
?domValXEql
_EARLYBOUNDCODEBLOCK
DBLOCATE
FOUND
?symGetItemConst
?domSub
SET
?conNewString
DBELIST
DBELOAD
DBESETDEFAULT
?conOpNewFloat
DBZAP
ROUND
?domGECmp
__vft14ConStringShort10AtomObject
SETKEY
?domValGCmp
ACLONE
?callStack
CTOD
XBPPRINTER
DBCLOSEALL
?domMul
?domValNEql
?domLECmp
APPDESKTOP
AFILL
ASC
?domPostInc
DBEBUILD
DBEINFO
SETLOCALE
OS
LASTREC
ISFIELDVAR
?Xb2MacroSubstStringConst
RECCOUNT
DBUNLOCK
DBCLEARFILTER
DBSETFILTER
INKEY
?domDiv
FWRITE
?setCWArea
DBSEEK
?getRFCC
DEVPOS
DEVOUT
?domMod
DBSETORDER
DOW
LOWER
DBSETINDEX
FCOUNT
FIELDNAME
?symPublicFalse
?executeLMacro
?getRCFS
DBCLEARSCOPE
?executeMacro
?getWCFS
FCLOSE
DBSTRUCT
ASIZE
TRIM
FRENAME
FREAD
FSEEK
DLLCALL
BREAK
ERRORBLOCK
DBSESSION
DOSERRORMESSAGE
APPTYPE
ROW
COL
ALERT
SETPOS
ERRORLEVEL
ISMETHOD
PROCNAME
PROCLINE
CONFIRMBOX
ROOTCRT
TONE
QOUT
OUTERR
APPNAME
VERSION
VAR2CHAR
QQOUT
MLCOUNT
MEMOLINE
?nomClassLock
?nomTryFindRegisteredClass
?retObject
?nomClassUnlock
?nomCreateClass
?nomDefineVar
?nomDefineMethod
?nomEndClassDefinition
?nomRegisterClass
?nomCallInitClass
?conGetSelfClass
?conGetClass
?domValLECmp
?getRFSS
ISDIGIT
ORDLISTADD
ORDCOUNT
ORDNAME
ORDKEY
ORDLISTCLEAR
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_90_0
___xpprt1Version

xppsys

MOD
XBPMENU
UNICODE2STR
XBPTREEVIEWITEM
READINSERT
XBPPRESSPACE
XBPDIALOG
XBPSLE
XBPPUSHBUTTON
GRAMAKERGBCOLOR
APPEXIT

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9ea4080f83a5347ffbbd08000955e0b

Headers

File Characteristics

Imports

leri7

xbzlib

xppui2

xbtbase1

xbtbase2

asxml10

asinet10

adac20b

adsutil

ascom10

odbcut10

asinet1c

xpprt1

xppsys

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.data Size: 159KB - Virtual size: 158KB

.xpp Size: 6KB - Virtual size: 6KB

.idata Size: 10KB - Virtual size: 9KB

.rsrc Size: 106KB - Virtual size: 105KB

.reloc Size: 50KB - Virtual size: 49KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 159KB - Virtual size: 158KB

.xpp
Size: 6KB - Virtual size: 6KB

.idata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 106KB - Virtual size: 105KB

.reloc
Size: 50KB - Virtual size: 49KB