57849588eebdb01f51cc189641f415fb67807fc744a9c655cf493ee754ccef9d

Sharing

Copy URL Twitter E-mail

General

Target

57849588eebdb01f51cc189641f415fb67807fc744a9c655cf493ee754ccef9d
Size

393KB
MD5

20711cc8a88b0332ec176407e0b24160
SHA1

fde1aecfac0093ad37f1a5267ab28a3906d432ed
SHA256

57849588eebdb01f51cc189641f415fb67807fc744a9c655cf493ee754ccef9d
SHA512

a6be3b0025daa4e6338fecbe50ee201ff646b856b289ba63a5d7c8f1e5f86b399c1c8b654c0321653bde33087b5b5606431e7fb7bdf3513ec802aeced202b016
SSDEEP

12288:VoOQW/iTnvQlYlCX5Vyu8u36AD5EA7W4ma:MW/iTn4aCX5Ou36ABx

Score

N/A

Malware Config

Signatures

Files

57849588eebdb01f51cc189641f415fb67807fc744a9c655cf493ee754ccef9d
.exe windows x86

5367712d48b7c842bcf8a6d2f5b6512a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
LoadLibraryW
LocalFree
FreeLibrary
FindResourceExW
FindResourceW
SizeofResource
LoadResource
LockResource
GetTempPathW
GetModuleHandleExW
OpenEventW
CreateEventW
CreateMutexW
CloseHandle
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetLastError
IsDebuggerPresent
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
RaiseException
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
HeapFree
GetProcessHeap
HeapAlloc
InitializeCriticalSectionAndSpinCount
CreateProcessW
SetErrorMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleHandleW
CreateDirectoryW
GetFileAttributesW
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTickCount
CreateThread
FreeLibraryAndExitThread
WaitNamedPipeW
CreateFileW
WriteFileEx
ReadFileEx
DisconnectNamedPipe
CancelIo
ConnectNamedPipe
GetVersionExW
LocalAlloc
CreateNamedPipeW
GetOverlappedResult
ResetEvent
Sleep
OpenThread
GetCurrentProcessId
WaitForSingleObject
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
GetCurrentThreadId
GetProcAddress
IsProcessorFeaturePresent
InterlockedExchange

user32

CloseDesktop
OpenDesktopW
MsgWaitForMultipleObjects
RegisterClassW
GetClassInfoW
RegisterWindowMessageW
SendMessageTimeoutW
GetWindowThreadProcessId
FindWindowExW
DefWindowProcW
IsWindow
DestroyWindow
RegisterClassExW
GetClassInfoExW
GetWindowLongW
KillTimer
CreateWindowExW
SetWindowLongW
TranslateMessage
SendMessageW
PostThreadMessageW
DispatchMessageW
PeekMessageW
PostMessageW
PostQuitMessage
MsgWaitForMultipleObjectsEx

advapi32

OpenProcessToken
GetTokenInformation
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
SetEntriesInAclW
AllocateAndInitializeSid
InitializeSecurityDescriptor
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
FreeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

CommandLineToArgvW
SHGetFolderPathW
ord165

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateGuid

bdnetdll

?DownloadInFile@BdHttp@@YAJPAUtagDefHttpPar@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@P6GHHKW4DOWNLOAD_ERRORCODE@@PAUtagDataOut@@@ZIPAHKH_N@Z
?CreateWorker@BdHttp@@YAJPAH@Z
?SetProxy@BdHttp@@YAJPAUtagHProxyInfo@@@Z
?Uninit@BdHttp@@YAJXZ
?Init@BdHttp@@YAJXZ

msvcp110

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_BADOFF@std@@3_JB
?_Xbad_function_call@std@@YAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathAppendW

msvcr110

_purecall
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
memmove
__dllonexit
_calloc_crt
_unlock
_lock
_wcslwr_s
??2@YAPAXI@Z
swprintf_s
ferror
wcschr
free
malloc
_vsnwprintf
_vscwprintf
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_waccess_s
wcsrchr
vswprintf_s
??0exception@std@@QAE@ABV01@@Z
fseek
fread
fgetpos
fclose
_wfopen_s
??_V@YAXPAX@Z
wmemcpy_s
_wcsicmp
memmove_s
memcpy_s
_wcsupr_s
wcsstr
memset
__RTDynamicCast
memcpy
__CxxFrameHandler3
_CxxThrowException
??3@YAXPAX@Z
_wsplitpath_s

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW

imm32

ImmDisableIME

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5367712d48b7c842bcf8a6d2f5b6512a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

bdnetdll

msvcp110

shlwapi

msvcr110

wintrust

crypt32

imm32

Sections

.text Size: 180KB - Virtual size: 180KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 13KB - Virtual size: 16KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 101KB - Virtual size: 104KB

.text
Size: 180KB - Virtual size: 180KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 13KB - Virtual size: 16KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 101KB - Virtual size: 104KB