XDR_ResponseApp_CollectFile_RM-20240927-00010_20ecb3ba-e1b9-4e86-9b4d-faca482d4697_20240927T113147Z[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

XDR_ResponseApp_CollectFile_RM-20240927-00010_20ecb3ba-e1b9-4e86-9b4d-faca482d4697_20240927T113147Z.7z
Size

762KB
MD5

b1444c7539b426676dfe1cd2716bc379
SHA1

9986b3b13574b515780fc1f4ae737ad2c50ec46b
SHA256

7cd76ef88d94f7c4b6027040308c73bb520f8635ab2b970fd5b971237f6e7c8e
SHA512

4ee19a172c63cf1b497c6fe99fd2f5ba474000f1e55ed0e55f8cc2e2dd244cce2b2630135f46d2921de94282d90726779d91d74df3b67f1f8376e0c5427d58d6
SSDEEP

12288:gm2OEZksZMx38SJMF5PTAwN35XdTLMnKFifut7jGAFNJeRVUUe98CHMK6eugxJ51:g0SO9XJqAuJdcnKEfu5jJfeRV8DHMGuM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ipmsg_NEW.exe

Files

XDR_ResponseApp_CollectFile_RM-20240927-00010_20ecb3ba-e1b9-4e86-9b4d-faca482d4697_20240927T113147Z.7z
.zip

Password: f9doacrm
ipmsg_NEW.exe
.exe windows:5 windows x86 arch:x86

Password: f9doacrm

ac0e5c5320a1300f020ec3815976735e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\IPMsg_it\Obj\Release\IPMsg.pdb

Imports

kernel32

TerminateThread
LoadLibraryA
GetVersionExA
LoadLibraryW
DeleteCriticalSection
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
CreateEventA
GetTickCount
GetStdHandle
WriteConsoleA
OutputDebugStringA
GetCurrentThreadId
RtlCaptureStackBackTrace
OutputDebugStringW
CreateFileA
FreeConsole
WriteConsoleW
GetCurrentProcessId
IsBadReadPtr
AllocConsole
SetUnhandledExceptionFilter
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
GetDiskFreeSpaceW
LockFile
SetEvent
SetEndOfFile
UnlockFileEx
CreateMutexW
GetVersionExW
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileA
HeapReAlloc
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
QueryPerformanceCounter
FlushFileBuffers
GetConsoleMode
OpenProcess
GetModuleHandleA
GetSystemDirectoryW
InitializeCriticalSection
LeaveCriticalSection
VirtualAlloc
InterlockedCompareExchange
ExpandEnvironmentStringsW
VirtualFree
EnterCriticalSection
SetThreadLocale
GetDriveTypeW
WideCharToMultiByte
MoveFileExW
GetThreadLocale
SetCurrentDirectoryW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetFileInformationByHandle
MultiByteToWideChar
SetFileAttributesW
GetModuleFileNameW
FindNextFileW
FindFirstFileW
GetDriveTypeA
GetSystemDefaultLCID
SetPriorityClass
SetSystemPowerState
ResumeThread
SuspendThread
FileTimeToSystemTime
SetFileTime
LocalFree
GetComputerNameW
IsDBCSLeadByte
SetLastError
CreateDirectoryW
GetModuleFileNameA
CreateProcessW
GetTempPathW
FindClose
ReadFile
FreeLibrary
GetProcAddress
Sleep
SetFilePointer
GetFileTime
GetFileSizeEx
GetFileSize
CreateFileW
GetFileAttributesW
GetFullPathNameW
MulDiv
CopyFileW
DeleteFileW
GetLastError
ExitProcess
SetDllDirectoryA
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetCommandLineW
VirtualQueryEx
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
GetCurrentProcess
GlobalUnlock
GlobalLock
CloseHandle
GlobalFree
GlobalAlloc
WriteFile
GetLocalTime
GetFullPathNameA
GetConsoleCP
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetACP
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
VirtualProtect
VirtualQuery
GetModuleHandleW
LoadLibraryExA
ResetEvent
CreateEventW
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
SetFilePointerEx

gdi32

GetTextExtentExPointW
EnumFontFamiliesExW
PatBlt
GetTextExtentExPointA
AngleArc
Rectangle
CreateBrushIndirect
GetDeviceCaps
GetTextMetricsA
DPtoLP
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreateDIBitmap
CreateRectRgn
DeleteDC
GetTextExtentPoint32W
SetTextColor
SetBkMode
LineTo
CreatePen
SelectClipRgn
MoveToEx
CreateSolidBrush
ExtSelectClipRgn
RoundRect
GetObjectA
CreateFontIndirectA
DeleteObject
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseFontA

advapi32

LookupPrivilegeValueA
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
CryptGetHashParam
RegCloseKey
RegQueryValueExA
RegDeleteKeyW
RegQueryValueW
RegCreateKeyExW
RegQueryValueA
RegEnumKeyExW
RegSetValueExW
RegSetValueExA
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
AdjustTokenPrivileges
CryptDestroyKey
OpenProcessToken
InitiateSystemShutdownExA
CryptGetUserKey
CryptAcquireContextA
CryptExportKey
CryptGenKey
CryptReleaseContext
CryptVerifySignatureA
CryptEncrypt
CryptGenRandom
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptImportKey
CryptSignHashW
GetUserNameW

shell32

SHGetSpecialFolderPathW
ord680
ShellExecuteW
Shell_NotifyIconW
ExtractIconW
SHGetMalloc
ShellExecuteA
SHBrowseForFolderW
SHGetPathFromIDListW
DragAcceptFiles
DragFinish
DragQueryFileW
ord155
SHOpenFolderAndSelectItems
SHChangeNotify
ord190
ShellExecuteExW

ole32

CoUninitialize
CreateStreamOnHGlobal
ReleaseStgMedium
OleSetContainedObject
OleDuplicateData
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleCreateStaticFromData
CoInitialize
PropVariantClear
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantInit

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: f9doacrm

Password: f9doacrm

ac0e5c5320a1300f020ec3815976735e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 185KB - Virtual size: 184KB

.data Size: 53KB - Virtual size: 262KB

.rsrc Size: 228KB - Virtual size: 228KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 185KB - Virtual size: 184KB

.data
Size: 53KB - Virtual size: 262KB

.rsrc
Size: 228KB - Virtual size: 228KB