49942157ca07d189afbacace8dbf28148a0b59afffedaf3753a3c7d0b0dac3d4N

Sharing

Copy URL Twitter E-mail

General

Target

49942157ca07d189afbacace8dbf28148a0b59afffedaf3753a3c7d0b0dac3d4N
Size

46KB
MD5

ecb54b9f9829b0efde5bd2d5c51d6aa0
SHA1

98c0548fb958be4c212ef459e0b01bdf995393e1
SHA256

49942157ca07d189afbacace8dbf28148a0b59afffedaf3753a3c7d0b0dac3d4
SHA512

1318b7e5e04db8ccae41d46a023f47b1dd48b623bb18973c53ce339d8f65ee5a038cce4e5c67a216cfe7123928b9c8b2ed49cec04fa834a8d72f2feec376d438
SSDEEP

768:Gm8X3Jfx5v0CoFMyiii9ygoOTCupyEXQovhuETNN2mHahJVuwe6oCou:t8ZnsCoQdCgFnu2Nks0c6oC5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/gprslt.exe

Files

49942157ca07d189afbacace8dbf28148a0b59afffedaf3753a3c7d0b0dac3d4N
.cab
gprslt.exe
.exe windows:5 windows x86 arch:x86

4bf91265cc138778a83ab6537d8e4af8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

gprslt.pdb

Imports

user32

CharUpperW
LoadStringW
wsprintfW

mpr

WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW

ole32

CoInitializeSecurity
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx

oleaut32

SafeArrayGetElement
SysAllocString
SysStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
SysFreeString
VariantChangeType
VariantClear
VariantCopy
VariantInit

secur32

GetComputerObjectNameW
TranslateNameW
GetUserNameExW

ws2_32

inet_addr
gethostbyaddr
WSAStartup
WSAGetLastError
WSACleanup

shlwapi

StrStrIW
StrStrW
StrChrIW
StrChrW

netapi32

NetApiBufferFree
NetServerGetInfo
DsGetDcNameW

framedyn

??YCHString@@QAEABV0@ABV0@@Z
??1CHString@@QAE@XZ
??4CHString@@QAEABV0@PBG@Z
??0CHString@@QAE@XZ
?GetData@CHString@@IBEPAUCHStringData@@XZ
?Empty@CHString@@QAEXXZ
?Compare@CHString@@QBEHPBG@Z
?ReleaseBuffer@CHString@@QAEXH@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
??4CHString@@QAEABV0@ABV0@@Z
?Mid@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHG@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Left@CHString@@QBE?AV1@H@Z
??YCHString@@QAEABV0@PBG@Z
??0CHString@@QAE@PBG@Z
?Format@CHString@@QAAXPBGZZ
?Mid@CHString@@QBE?AV1@HH@Z
?Find@CHString@@QBEHPBG@Z
??0CHString@@QAE@ABV0@@Z
??H@YG?AVCHString@@ABV0@PBG@Z
?MakeLower@CHString@@QAEXXZ
?SetAt@CHString@@QAEXHG@Z
??H@YG?AVCHString@@ABV0@0@Z
?GetBuffer@CHString@@QAEPAGH@Z
??0CHString@@QAE@PBD@Z

ntdsapi

DsUnBindW
DsCrackNamesW
DsBindWithCredW
DsFreeNameResultW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_iob
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
_wcsicmp
_vsnwprintf
wcstok
_errno
_get_osfhandle
_fileno
_except_handler3
wcstod
wcstoul
wcstol
fflush
fprintf
strtok
_CxxThrowException
_exit
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
_initterm
??1type_info@@UAE@XZ
_controlfp
__setusermatherr
_c_exit

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
RegConnectRegistryW
LookupAccountNameW
LookupAccountSidW
ConvertStringSidToSidW
RegQueryValueExW
LsaClose
LsaOpenPolicy
LsaFreeMemory
LookupPrivilegeDisplayNameW
LsaEnumerateAccountRights
LsaNtStatusToWinError

kernel32

GetConsoleOutputCP
GetModuleFileNameW
ExitProcess
CloseHandle
GetConsoleScreenBufferInfo
GetStdHandle
SetLastError
lstrlenW
WriteConsoleW
SetConsoleCursorPosition
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
HeapReAlloc
HeapFree
LocalFree
CreateMutexW
GetLastError
OpenMutexW
InterlockedIncrement
LocalAlloc
FormatMessageW
InterlockedDecrement
GetComputerNameW
SetConsoleMode
ReadFile
ReadConsoleW
HeapSize
HeapAlloc
GetProcessHeap
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
CompareStringA
GetThreadLocale
CompareStringW
lstrlenA
GetUserDefaultLCID
GetFileType
GetConsoleMode
VerSetConditionMask
VerifyVersionInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
WaitForSingleObject
GetTimeFormatW
GetDateFormatW
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
ReleaseMutex
GetComputerNameExW

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bf91265cc138778a83ab6537d8e4af8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

mpr

ole32

oleaut32

secur32

ws2_32

shlwapi

netapi32

framedyn

ntdsapi

version

msvcrt

advapi32

kernel32

Sections

.text Size: 116KB - Virtual size: 115KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 34KB - Virtual size: 34KB

.text
Size: 116KB - Virtual size: 115KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 34KB - Virtual size: 34KB