e24277bcfd7b00bb2ef94af905cd2525239a0304a7e995ed8df593357d73bf7cN

Sharing

Copy URL Twitter E-mail

General

Target

e24277bcfd7b00bb2ef94af905cd2525239a0304a7e995ed8df593357d73bf7cN
Size

302KB
MD5

fdff22456c492d3c4870a9f62c8bb970
SHA1

19be4b3d15e37ae47d9c874f22a395658d7ec8a2
SHA256

e24277bcfd7b00bb2ef94af905cd2525239a0304a7e995ed8df593357d73bf7c
SHA512

bafd124dcab81bc3ffe24f109dd1c39cfb06daf3d46893fde3ed5a8224f6f1f93cc769dbc074512231700031451e438379b7b6bf0ca72b7073a8c19f695fc21c
SSDEEP

6144:++JIQtDAO+QAUf+JSY1eBjrRih7wCbTphZ0H/3ETC:++JIQtDAO+QAUf+JSY1eBjrRih7wCbTH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e24277bcfd7b00bb2ef94af905cd2525239a0304a7e995ed8df593357d73bf7cN

Files

e24277bcfd7b00bb2ef94af905cd2525239a0304a7e995ed8df593357d73bf7cN
.dll windows:4 windows x86 arch:x86

74b3f5fab0036994ec61e9f89af8b30e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Imports

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?conNewNil
ACREATE
?exePcodeEval
?symContextInit
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?conNewString
?domAssign
?momSOff
DLLLOAD
DLLCALL
DLLUNLOAD
?retStackItem
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
?passParameter
?nomClassLock
?nomTryFindRegisteredClass
?retObject
?nomClassUnlock
THREAD
?conGetClass
?nomCreateClass
?nomDefineVar
?nomDefineMethod
?nomEndClassDefinition
?nomRegisterClass
?nomCallInitClass
?conRelease
?conGetSelfClass
?conMemberToItem
?conSendItem
?domValXEql
?conNewCon
?conAssignRefWMember
ISMEMBERVAR
?retStackValue
?pushDynamicCodeBlock
STR
ALLTRIM
?domAdd
EMPTY
APPDESKTOP
AEVAL
?domNot
?retNil
SHARKTRAP
?frameLockSync
__vft19ConNumericIntObject10AtomObject
RTLBDEBUG
SLEEP
VERSION
VAL
LEN
AT
SUBSTR
UPPER
?domXEql
?andShortCut
?domLCmp
?domAnd
THREADID
AADD
ATAIL
?domGetElem
?domRefElem
ASORT
?momUnlockSync
?domGCmp
?domLECmp
SYMBOLINFO
__vft14ConLogicObject10AtomObject
THREADINFO
?domNEql
VAR2LCHAR
__vft20ConStringConstObject10AtomObject
VALTYPE
VAR2CHAR
?orShortCut
?domOr
?executeMacro
EVAL
SET
DATE
DTOS
TIME
PADL
?domAddEqu
QOUT
MSGBOX
OS
?domValNEql
CHR
REPLICATE
L2BIN
STUFF
BIN2U
?domDiv
INT
?conOpNewInt
MEMORY
THREADOBJECT
APPEVENT
DTOC
?domSub
?domInc
?domSubStr
?getStackMember
XBPFONT
__vft21ConNumericFloatObject10AtomObject
__retl
__conPutNL
__conRelease
__conParam
__conGetNL
__conTypeV2
__retnl
FIELDNAME
?setSWArea
?restWArea
?floadTos
?domGECmp
?domValLECmp
?domMul
ARRAY
?domValLCmp
GRALINE
GRABITBLT
ASCAN
ACLONE
SELECT
ORDSETFOCUS
DBSELECTAREA
ORDLISTCLEAR
FIELDINFO
LEFT
_EARLYBOUNDCODEBLOCK
ORDCREATE
RECNO
ORDCONDSET
GETENV
ORDBAGEXT
FILE
FERASE
CHAR2VAR
_osiDllRemove
_osiDllInsert
__This_DLL_needs_version_2_00_0

xppsys

GRAMAKERGBCOLOR

kernel32

GetProcAddress
LoadLibraryA
Sleep

user32

ShowWindow
IsWindowVisible
SendMessageA

adac20b

DACPAGEDDATASTORE

xppdui

XBPTREEVIEW
XBPQUERYSTRINGSIZE
XBPDIALOG
XBPSTATIC
XBPSPINBUTTON
XBPCHECKBOX
XBPSLE
XBPPUSHBUTTON
XBPTABPAGE
XBPLISTBOX
XBPQUICKBROWSE

Exports

Exports

CREATEMEMWATCH
GETATTRIBUTE
ISCHILDOF
SETGC
XBPMEMWATCH
XTOSTRING
_WINFLASHWINDOW
_WINGETFREESYSTEMRESOURCES
_XBPMEMWATCH

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xpp
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74b3f5fab0036994ec61e9f89af8b30e

Headers

File Characteristics

Imports

xpprt1

xppsys

kernel32

user32

adac20b

xppdui

Exports

Exports

Sections

.text Size: 251KB - Virtual size: 251KB

.data Size: 30KB - Virtual size: 30KB

.rdata Size: 512B - Virtual size: 44B

.xpp Size: 1KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 272B

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 251KB - Virtual size: 251KB

.data
Size: 30KB - Virtual size: 30KB

.rdata
Size: 512B - Virtual size: 44B

.xpp
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 272B

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 11KB - Virtual size: 10KB