f7090c7e2b3a4b84806b92b33b31ab5eb3b2f3578f41eebe1c99782e3f17bb93

Sharing

Copy URL

Twitter E-mail

General

Target

f7090c7e2b3a4b84806b92b33b31ab5eb3b2f3578f41eebe1c99782e3f17bb93
Size

1.2MB
MD5

2c73ddb33c7d5b00141a855fa75f41a6
SHA1

b0c99c382bb4088aea00f6a3e33b4585e82691e7
SHA256

f7090c7e2b3a4b84806b92b33b31ab5eb3b2f3578f41eebe1c99782e3f17bb93
SHA512

db28f4be1cd33ba627725d4029bd89d55f979cdc1ecd409166276585dc84f739ed7b3407c8dddce1103eb18617f666ee89f114f2c56731907683a717e2d0d82b
SSDEEP

24576:C8+8EL5BMYsVNRV59BuiJqueyyGmGanfGXXvriy2dYCf6Yq41twdKv1KxckwF7hO:C8A0NRV59BuiJqueyyGmGanfGXXvriyT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7090c7e2b3a4b84806b92b33b31ab5eb3b2f3578f41eebe1c99782e3f17bb93

Files

f7090c7e2b3a4b84806b92b33b31ab5eb3b2f3578f41eebe1c99782e3f17bb93
.exe windows:5 windows x86 arch:x86

231a7db9457b8c1531628512a7d4da99

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Lenovo_Object\OutDir\Win32\Release\RTOServer.pdb

Imports

ws2_32

gethostname
inet_ntoa
inet_addr
accept
getpeername
WSAIoctl
connect
WSAStartup
gethostbyname
htonl
select
WSAGetLastError
htons
getsockname
shutdown
setsockopt
WSACleanup
recv
bind
socket
__WSAFDIsSet
closesocket
send
getsockopt
listen

winmm

timeSetEvent
timeGetTime
PlaySoundA
timeKillEvent

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

userenv

ExpandEnvironmentStringsForUserA
CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
CreateFileMappingA
CreateMutexA
ReleaseMutex
OpenFileMappingA
CreateFileA
WriteFile
TerminateThread
Sleep
ReadFile
GetExitCodeThread
CreateThread
GlobalDeleteAtom
GlobalAddAtomA
GlobalFindAtomA
DeleteAtom
ResumeThread
SetLastError
Process32First
SetEvent
WaitNamedPipeW
GetSystemDirectoryW
LoadLibraryW
CreateEventA
GetExitCodeProcess
CreateFileW
Process32Next
OpenEventA
WaitForMultipleObjects
lstrcatW
CreateToolhelp32Snapshot
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
SetCurrentDirectoryA
GetFileSize
CompareFileTime
GetFileTime
SetFilePointer
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
SetFileTime
GetDriveTypeA
GetFileAttributesA
FileTimeToSystemTime
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
SetFileAttributesA
MoveFileA
GetSystemTime
GetCurrentThread
CreateProcessA
WritePrivateProfileStringA
SetThreadPriority
SetProcessShutdownParameters
CloseHandle
FindResourceA
LoadResource
SizeofResource
LockResource
AllocConsole
FormatMessageA
GetStdHandle
WriteConsoleA
GlobalGetAtomNameA
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
LoadLibraryExW
ExitThread
PeekNamedPipe
GetFileInformationByHandle
GetCurrentDirectoryA
SetEnvironmentVariableA
GetDriveTypeW
RtlUnwind
GetCPInfo
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetCommandLineA
SetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
CreateSemaphoreA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DuplicateHandle
ReleaseSemaphore
GetFileType
lstrcatA
lstrcpynA
lstrcmpiA
GetProcessHeap
HeapFree
HeapAlloc
InterlockedExchange
GetLocaleInfoA
GetVolumeInformationA
SetVolumeLabelA
GetFullPathNameA
DosDateTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetLocalTime
lstrcpyA
ResetEvent
GetPrivateProfileStructA
GetOEMCP
GetStringTypeW
GetModuleFileNameW
FindFirstFileExW
GetPrivateProfileStringA
GetPrivateProfileIntA
GetACP
OpenProcess
WritePrivateProfileSectionA
WritePrivateProfileStructA
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
WinExec
GetLastError
GetComputerNameA
GetVersion
GetSystemInfo
lstrlenA
DeleteFileA
GetTempPathA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
FreeLibrary
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
InitializeCriticalSection
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcess
GlobalFree
GlobalUnlock
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalSize
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
MulDiv
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
SetEnvironmentVariableW
DeleteFileW
GetFileAttributesExW
SetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
MoveFileExW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetFullPathNameW
GetModuleHandleW
IsValidCodePage
TerminateProcess
RemoveDirectoryW

user32

IsDlgButtonChecked
TrackPopupMenu
GetSubMenu
LoadMenuA
EnableMenuItem
RemoveMenu
SetMenuDefaultItem
DestroyMenu
EnableWindow
ToAscii
GetKeyState
GetAsyncKeyState
MapVirtualKeyA
VkKeyScanA
SetRect
IsIconic
DestroyWindow
PostThreadMessageA
SendNotifyMessageA
WaitMessage
PeekMessageA
ChangeClipboardChain
SetClipboardViewer
GetClipboardOwner
EnumDesktopWindows
GetClassNameA
OpenDesktopA
WaitForInputIdle
WindowFromPoint
RegisterWindowMessageA
EnumWindows
GetIconInfo
CheckDlgButton
IsWindow
IsWindowVisible
EndPaint
DrawIconEx
BeginPaint
GetUpdateRect
IntersectRect
DestroyIcon
keybd_event
GetKeyboardState
mouse_event
SetActiveWindow
MessageBeep
FlashWindow
GetDesktopWindow
ChangeDisplaySettingsExA
ScreenToClient
SendDlgItemMessageA
LoadStringA
GetClientRect
SetFocus
GetScrollInfo
InvalidateRect
GetCursorPos
PostMessageA
GetDlgItemTextA
SetDlgItemInt
GetDlgItemInt
ExitWindowsEx
FindWindowExA
GetProcessWindowStation
GetWindowTextA
SetDlgItemTextA
MoveWindow
GetWindowRect
SetForegroundWindow
GetDlgItem
EndDialog
UnregisterHotKey
DialogBoxParamA
RegisterHotKey
wsprintfA
FindWindowA
GetWindowThreadProcessId
SystemParametersInfoA
GetForegroundWindow
MessageBoxA
SendMessageA
CloseClipboard
IsClipboardFormatAvailable
RegisterClipboardFormatA
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
EnumDisplaySettingsA
ChangeDisplaySettingsA
GetMessageA
GetUserObjectInformationA
SetTimer
RegisterClassExA
PostQuitMessage
GetThreadDesktop
KillTimer
LoadIconA
OpenInputDesktop
CloseDesktop
GetDC
TranslateMessage
SetWindowLongA
GetWindowLongA
CreateWindowExA
ReleaseDC
DefWindowProcA
SetWindowPos
ShowWindow
SetThreadDesktop
DispatchMessageA
GetSystemMetrics
LoadImageA
AdjustWindowRect
LoadCursorA
IsRectEmpty
OemToCharA
CharToOemA
wvsprintfA
SetWindowTextA

gdi32

CreatePalette
GdiFlush
SetDIBColorTable
GetDeviceCaps
CreateDIBSection
GetBitmapBits
CreateCompatibleBitmap
RealizePalette
GetPixel
BitBlt
ExtEscape
GetSystemPaletteEntries
GetRgnBox
GetRegionData
SetRectRgn
CombineRgn
OffsetRgn
CreateRectRgn
CreateFontIndirectA
GetObjectA
PatBlt
DeleteDC
StretchBlt
GetDIBits
CreateDCA
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
GetClipBox
SelectPalette
CreateSolidBrush
GetStockObject

advapi32

GetSecurityDescriptorLength
SetKernelObjectSecurity
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
IsValidSecurityDescriptor
IsValidAcl
IsValidSid
GetKernelObjectSecurity
RegCreateKeyA
SetServiceStatus
QueryServiceStatus
RegCreateKeyExA
CreateServiceA
RegisterServiceCtrlHandlerA
DeleteService
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueA
SetTokenInformation
FreeSid
RevertToSelf
AllocateAndInitializeSid
ImpersonateLoggedOnUser
EqualSid
GetTokenInformation
OpenProcessToken
CreateProcessAsUserA
RegSetValueExA
QueryServiceConfigA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
OpenServiceA
GetUserNameA
RegCloseKey
LookupAccountSidA
RegOpenKeyExA
RegQueryValueExA

shell32

SHAppBarMessage
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 317KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

231a7db9457b8c1531628512a7d4da99

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winmm

version

userenv

kernel32

user32

gdi32

advapi32

shell32

ole32

imm32

Sections

.text Size: 752KB - Virtual size: 752KB

.rdata Size: 135KB - Virtual size: 135KB

.data Size: 10KB - Virtual size: 501KB

.rsrc Size: 317KB - Virtual size: 320KB

.text
Size: 752KB - Virtual size: 752KB

.rdata
Size: 135KB - Virtual size: 135KB

.data
Size: 10KB - Virtual size: 501KB

.rsrc
Size: 317KB - Virtual size: 320KB