1e22139c056bfd5fb17d77e40cd61e0419273bbb1352c86213d0f13bfcfdddfc

Sharing

Copy URL Twitter E-mail

General

Target

1e22139c056bfd5fb17d77e40cd61e0419273bbb1352c86213d0f13bfcfdddfc
Size

88KB
MD5

45804f7dc1409e8942e843ed912c4640
SHA1

8f0fc38f01c3a3cb2395fbc75cf2e9ddbee316a5
SHA256

1e22139c056bfd5fb17d77e40cd61e0419273bbb1352c86213d0f13bfcfdddfc
SHA512

ba00780421834a7c75d1c56c6310f4b8f3d451a8672fbc048261148b8e053ab35fa60a973c366efded4ede3b57d3da645b19f4bace98c5fba9c2a39fc94eadfd
SSDEEP

1536:/+BuQGQHtgZMdqjgC3MKAZKMmgEv0iLvkHQYPpyNFaHUwC1hA/haR01Af8CF:/kDGQNgq9CcnZKFMWkhPpyGHK+hzDCF

Score

N/A

Malware Config

Signatures

Files

1e22139c056bfd5fb17d77e40cd61e0419273bbb1352c86213d0f13bfcfdddfc
.zip
BURSH.exe
.exe windows x86

41e6e82466d75c8eaeaf59a01ba5c2ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
DeleteFileW
CloseHandle
LoadLibraryW
CreateThread
DeleteCriticalSection
CopyFileW
WideCharToMultiByte
WinExec
CheckRemoteDebuggerPresent
OutputDebugStringW
Sleep
CreateFileW
InitializeCriticalSectionAndSpinCount
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar
SetFileAttributesW
GetCurrentThreadId
InitializeCriticalSectionEx
SetErrorMode
RemoveDirectoryW
WriteFile
lstrlenW
GetCurrentProcess
IsDebuggerPresent

user32

GetCursorPos
SetCursorPos
UpdateWindow
GetDesktopWindow
GetWindowDC
LoadCursorW
LoadIconW
RegisterClassW
ShowWindow
DefWindowProcW
GetDC
MessageBoxW
CreateWindowExW
GetSystemMetrics
DrawIcon

gdi32

GetStockObject
StretchBlt
BitBlt

advapi32

RegCloseKey
AdjustTokenPrivileges
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
LookupPrivilegeValueW

msvcp140

?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z

vcruntime140

memchr
_CxxThrowException
__current_exception_context
__current_exception
_except_handler4_common
memmove
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memset
memcpy

api-ms-win-crt-runtime-l1-1-0

_exit
_cexit
_initterm
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_crt_atexit
exit
_controlfp_s
_sleep
_register_onexit_function
_initialize_onexit_table
_set_app_type
_initialize_narrow_environment
_configure_narrow_argv
_get_initial_narrow_environment
_seh_filter_exe
terminate
_invalid_parameter_noinfo_noreturn
__p___argc

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-string-l1-1-0

strcpy_s

api-ms-win-crt-filesystem-l1-1-0

_findclose
_findfirst64i32
_access
_findnext64i32

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
malloc
free

api-ms-win-crt-convert-l1-1-0

mbstowcs_s

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BURSHFOLDER.exe
.exe windows x64

4570890b5774ceccaf96ff5323c35d79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140d

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QEAA@H@Z

vcruntime140d

memmove
memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__C_specific_handler
__C_specific_handler_noexcept
__std_type_info_destroy_list
__current_exception
__current_exception_context
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memcmp
memcpy

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

_free_dbg
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_register_thread_local_exe_atexit_callback
_set_new_mode
_wsplitpath_s
wcscpy_s
_getch
_c_exit
malloc
_callnewh
_access
strlen
system
_CrtDbgReport
_invalid_parameter
__p__commode
_wmakepath_s
_cexit
__p___argv
__p___argc
_set_fmode
_exit
exit
_CrtDbgReportW
_initterm
_configthreadlocale
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__setusermatherr
_set_app_type
terminate
_seh_filter_exe
_initterm_e

kernel32

VirtualQuery
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
GetLastError
HeapAlloc
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetProcessHeap
HeapFree

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 554B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
admin.dll
.dll windows x86

053da52e98b6f21f8418d4bccf9e7633

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtFreeVirtualMemory
NtGetContextThread
NtFlushInstructionCache
RtlAllocateHeap
NtQueryVirtualMemory
NtAllocateVirtualMemory
NtProtectVirtualMemory
NtSetContextThread
RtlFreeHeap
RtlFlushSecureMemoryCache
RtlNtStatusToDosError
NtResumeThread
NtAdjustPrivilegesToken
NtDeleteKey
NtOpenProcessToken
LdrGetProcedureAddress
NtDuplicateToken
NtOpenKey
RtlInitUnicodeString
NtSetInformationThread
NtCreateKeyTransacted
LdrGetDllHandleEx
NtClose
RtlInitAnsiString
NtOpenThreadToken
NtCreateKey
NtCreateFile
NtOpenFile
NtOpenKeyTransacted
memcpy
_aullshr
NtTerminateProcess
RtlUnhandledExceptionFilter
RtlUnwind
memset

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41e6e82466d75c8eaeaf59a01ba5c2ec

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 2KB - Virtual size: 1KB

4570890b5774ceccaf96ff5323c35d79

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140d

vcruntime140d

vcruntime140_1d

ucrtbased

kernel32

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 13KB - Virtual size: 12KB

.idata Size: 6KB - Virtual size: 6KB

.msvcjmc Size: 1024B - Virtual size: 554B

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 31KB - Virtual size: 31KB

.reloc Size: 1KB - Virtual size: 1KB

053da52e98b6f21f8418d4bccf9e7633

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 932B

.rsrc Size: 1024B - Virtual size: 832B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 2KB - Virtual size: 1KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 13KB - Virtual size: 12KB

.idata
Size: 6KB - Virtual size: 6KB

.msvcjmc
Size: 1024B - Virtual size: 554B

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 932B

.rsrc
Size: 1024B - Virtual size: 832B

.reloc
Size: 2KB - Virtual size: 1KB