ada7ca0558ffd2f7832362f5e0126ae37ad11d2927bfcccb9446135062151f17N

Sharing

Copy URL Twitter E-mail

General

Target

ada7ca0558ffd2f7832362f5e0126ae37ad11d2927bfcccb9446135062151f17N
Size

55KB
MD5

247c7b5493342848b91ff524c9cf4210
SHA1

9cf52f7188df3ee70ef0c76a996d43cc367db5cd
SHA256

ada7ca0558ffd2f7832362f5e0126ae37ad11d2927bfcccb9446135062151f17
SHA512

cf55698442b21f4fb4c32bfb58d8066ab8cea81f50f0d4772ebd24b33fdfad11feb1343549ea902c3e3e594f886f80e116a017897e2c85e11dcea66ae19c39a8
SSDEEP

1536:Ld0/tzLuRMKks/QKYvQc+OY5vl21GTiQCf6Rb9Kvi+cM:h0/t/vX+QtQcqxl21mnCfwBKxcM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/riprep.exe

Files

ada7ca0558ffd2f7832362f5e0126ae37ad11d2927bfcccb9446135062151f17N
.cab
riprep.exe
.exe windows:5 windows x86 arch:x86

302421a3c4fdf29c377fe006e3a5f3c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

riprep.pdb

Imports

msvcrt

__p__fmode
__set_app_type
_controlfp
_vsnprintf
memset
memcpy
memmove
swprintf
wcscat
_snwprintf
wcsstr
wcsncpy
printf
wcscmp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
setlocale
wcscpy
wcstombs
towlower
wcsncat
_itow
_wtoi
wcsncmp
_wcsnicmp
wcsrchr
strstr
strchr
time
_wctime
wcslen
_wcsicmp
_except_handler3
wcschr
malloc
free
_vsnwprintf
__p__commode

advapi32

RegCloseKey
IsTextUnicode
EnumDependentServicesW
QueryServiceStatus
InitiateSystemShutdownExW
GetServiceDisplayNameW
RegQueryValueW
EnumServicesStatusExW
RegSaveKeyW
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
RegOpenKeyW
RegQueryValueExW
OpenEventLogW
ClearEventLogW
CloseEventLog
GetFileSecurityW
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegUnLoadKeyW
RegLoadKeyW
OpenProcessToken
LookupPrivilegeValueW
RegDeleteKeyW
RegEnumKeyW
AdjustTokenPrivileges
RegCreateKeyExW
LookupAccountSidW
GetSidSubAuthority
GetLengthSid
GetSidLengthRequired
GetSidSubAuthorityCount
LsaFreeMemory
LsaQueryInformationPolicy
LsaClose
LsaOpenPolicy
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegSetKeySecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExW

kernel32

OpenProcess
MoveFileExW
SearchPathW
GetVolumeInformationW
LocalReAlloc
GetVersionExW
LocalFree
LocalAlloc
RemoveDirectoryW
FindClose
FindNextFileW
lstrcmpW
DeleteFileW
SetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetPrivateProfileSectionNamesW
SetLastError
GetPrivateProfileIntW
FreeLibrary
GetProcAddress
LoadLibraryA
LoadLibraryW
WideCharToMultiByte
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
CompareStringW
GetPrivateProfileStringW
lstrcmpiW
CloseHandle
WritePrivateProfileStringW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetSystemDirectoryW
ExpandEnvironmentStringsW
WritePrivateProfileSectionW
GetModuleFileNameW
CreateDirectoryW
_lwrite
_lcreat
SetFileAttributesA
_lclose
_lread
_llseek
_lopen
SetErrorMode
Sleep
CopyFileW
MoveFileW
WriteFile
SetFilePointer
CreateFileW
GlobalAlloc
GlobalFree
VirtualFree
VirtualAlloc
WaitForSingleObject
CreateThread
MapViewOfFile
CreateFileMappingW
GetFileSize
UnmapViewOfFile
GetTickCount
LeaveCriticalSection
EnterCriticalSection
FormatMessageW
InitializeCriticalSection
GetFileAttributesW
ReadFile
InterlockedCompareExchange
lstrlenA
GetLocalTime
DeleteCriticalSection
GetLocaleInfoW
GetSystemDefaultLangID
GetSystemInfo
GetEnvironmentVariableW
CreateMutexW
GetCommandLineW
GetCurrentProcess
GetTempFileNameW
GetTempPathW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
lstrcpyW
CreateFileA
GetTimeFormatA
GetDateFormatA
GetFileAttributesA
DeleteFileA
GetModuleHandleW
GetCurrentThread
CreateEventW
InterlockedIncrement
SetEvent
lstrcatW
GetLastError
GetShortPathNameW

gdi32

SetBkMode
CreateFontIndirectW
GetDeviceCaps
GetObjectW
GetStockObject
DeleteObject
SetTextColor
SelectObject
SetBkColor
GetTextExtentPointW
GetTextMetricsW
DeleteDC
StretchBlt
TextOutW
CreateCompatibleDC
CreateBrushIndirect

user32

DrawTextW
DialogBoxParamW
SetWindowTextW
SendMessageTimeoutW
CharPrevW
CharNextW
LoadStringW
ReleaseDC
SendDlgItemMessageW
SystemParametersInfoW
LoadImageW
SetWindowPos
DestroyWindow
GetDlgItemTextW
MessageBoxW
EnableWindow
GetClientRect
LoadIconW
SetFocus
SetDlgItemTextW
GetSysColor
EndDialog
CallWindowProcW
LoadCursorW
SetCursor
InvalidateRect
GetWindowTextW
GetDesktopWindow
RegisterClassExW
CreateWindowExW
CreateDialogParamW
BeginPaint
GetSystemMetrics
FillRect
EndPaint
DefWindowProcW
PeekMessageW
TranslateMessage
DispatchMessageW
GetWindowRect
SetWindowLongW
GetParent
PostMessageW
SendMessageW
EnumWindows
GetWindowThreadProcessId
GetWindow
GetWindowLongW
GetWindowTextLengthW
GetDC
GetDlgItem

ntdll

NtOpenSymbolicLinkObject
NtQueryDirectoryFile
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlAdjustPrivilege
NtClose
NtDeleteValueKey
NtOpenKey
RtlInitUnicodeString
NtReadFile
NtCreateFile
DbgPrint
NtEnumerateKey
NtQueryValueKey
NtQuerySymbolicLinkObject
NtQuerySystemInformation
NtQueryDirectoryObject
NtOpenDirectoryObject
RtlExtendedIntegerMultiply
NtQueryVolumeInformationFile
NtDeviceIoControlFile
NtQueryInformationFile
NtSetInformationFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtUnloadKey
NtFlushKey
NtLoadKey

comctl32

PropertySheetW
ImageList_Create
CreatePropertySheetPageW
ImageList_ReplaceIcon

shlwapi

PathIsDirectoryW
StrCmpNW
PathCompactPathW
StrCmpW
StrChrW
StrRChrW
StrCmpNIW
StrDupW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
StrStrIW
SHDeleteKeyW
SHSetValueW

shell32

SHEmptyRecycleBinW

netapi32

NetApiBufferFree
NetUnjoinDomain
NetServerGetInfo
NetShareGetInfo
NetGetJoinInformation

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

setupapi

SetupCloseFileQueue
SetupDefaultQueueCallbackW
SetupOpenInfFileW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetStringFieldW
SetupFindNextLine
SetupInitDefaultQueueCallbackEx
SetupTermDefaultQueueCallback
SetupCommitFileQueueW
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyW
SetupGetIntField
SetupSetDirectoryIdW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupOpenFileQueue
SetupDiCreateDeviceInfoList
SetupGetLineByIndexW
SetupGetLineCountW
SetupDiGetDriverInfoDetailW
SetupDiGetDeviceInstallParamsW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

imagehlp

CheckSumMappedFile

userenv

GetProfilesDirectoryW

wininet

FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntryA
FindCloseUrlCache
FreeUrlCacheSpaceW

Exports

Exports

DCCheck
MultipleProfileCheck

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

302421a3c4fdf29c377fe006e3a5f3c0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

ntdll

comctl32

shlwapi

shell32

netapi32

version

setupapi

ole32

imagehlp

userenv

wininet

Exports

Exports

Sections

.text Size: 106KB - Virtual size: 105KB

.data Size: 1024B - Virtual size: 31KB

.rsrc Size: 67KB - Virtual size: 67KB

.text
Size: 106KB - Virtual size: 105KB

.data
Size: 1024B - Virtual size: 31KB

.rsrc
Size: 67KB - Virtual size: 67KB