fca343dab2514fceca8eafb3d94427503da3f5855342759f5a69e49041dd9861

Sharing

Copy URL Twitter E-mail

General

Target

fca343dab2514fceca8eafb3d94427503da3f5855342759f5a69e49041dd9861
Size

534KB
MD5

4f91978fb2cb269cf3384844a1f77790
SHA1

2df9ffbc6eab40a8ee512794c37700bba8f7fdf7
SHA256

fca343dab2514fceca8eafb3d94427503da3f5855342759f5a69e49041dd9861
SHA512

0b1dff312388c0055d4d45ad6ae46228ba5faa43aaa028e985c465bb939b1d4bb765f29615a1799b5c3028dc40c725b6d6719557626d89d76d68494c9b03dcaa
SSDEEP

3072:9AS4fCMO4SybmfO2Em987qo/ah9WGB4g5pGbDerIRMJ4j:ofTSyqfOu0j/oWOTrZ8RMJ4j

Score

N/A

Malware Config

Signatures

Files

fca343dab2514fceca8eafb3d94427503da3f5855342759f5a69e49041dd9861
.exe windows x86

459801eb3a454c62695bdd5a92081d91

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

bdlogicutils

?GetBDCrashCatcher@BDLogicUtils@@YAPAVIBDCrashCatcher@1@XZ
?BDLogicUtilsLibrary_Init@BDLogicUtils@@YAHXZ
?BDLogicUtilsLibrary_Unit@BDLogicUtils@@YAHXZ
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ

shlwapi

PathRemoveFileSpecW

kernel32

WTSGetActiveConsoleSessionId
CloseHandle
FreeLibrary
GetCurrentProcess
CreateSemaphoreA
WaitForSingleObject
SetEvent
LoadLibraryW
GetProcAddress
ReleaseSemaphore
DuplicateHandle
CreateEventA
GetLastError
GetModuleFileNameW
lstrlenA
LockResource
MultiByteToWideChar
ResetEvent
WaitNamedPipeW
ReadFile
WriteFile
OpenThread
CreateFileW
ConnectNamedPipe
CreateNamedPipeW
GetCurrentThreadId
HeapFree
GetProcessHeap
CreateEventW
TerminateThread
Sleep
DisconnectNamedPipe
HeapAlloc
GetVersionExW
LoadResource
GetCurrentProcessId
FindResourceW
FindResourceExW
ProcessIdToSessionId
SizeofResource
FormatMessageA
EnterCriticalSection
WideCharToMultiByte
LocalFree
CreateWaitableTimerA
LeaveCriticalSection
InitializeCriticalSection
RaiseException
DeleteCriticalSection
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TlsAlloc
TlsFree
TlsGetValue
OpenEventA
TlsSetValue
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer

advapi32

InitializeAcl
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CheckTokenMembership
FreeSid
GetLengthSid
AddAccessAllowedAce

shell32

ShellExecuteW

msvcp80

?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
_wcsnicmp
_beginthreadex
printf
calloc
free
wcsncpy_s
_recalloc
iswspace
_wcsicmp
??2@YAPAXI@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
wcscpy_s
memmove_s
vswprintf_s
_purecall
_vscwprintf
memcpy_s
_gmtime64
__CxxFrameHandler3
_CxxThrowException
??0exception@std@@QAE@ABQBDH@Z
??3@YAXPAX@Z
strerror

user32

UnregisterClassA

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

459801eb3a454c62695bdd5a92081d91

Headers

File Characteristics

Imports

bdlogicutils

shlwapi

kernel32

advapi32

shell32

msvcp80

msvcr80

user32

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 416KB - Virtual size: 416KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 416KB - Virtual size: 416KB