0bee6c9536706aa9a1002efc332725cb2b3ef4e28a97ce7010154a8e81798875

Sharing

Copy URL

Twitter E-mail

General

Target

0bee6c9536706aa9a1002efc332725cb2b3ef4e28a97ce7010154a8e81798875
Size

673KB
MD5

25bbe24cd2668004b37a7f1a352b00d4
SHA1

24835ee4d734c32f90d5bc8b0488612d1db5be73
SHA256

0bee6c9536706aa9a1002efc332725cb2b3ef4e28a97ce7010154a8e81798875
SHA512

42f3a7cfd3c0b8f2482a1979c8c12900153b1fc333edb95bee84c0b2504288fd8d16529fd33626597a6f5f22fc0336720c37bcee57872b125c4b28816632d6a1
SSDEEP

12288:NaPWm5Ia7ybJCJ+37PGoc8O7sUTFwBdixXq2++saAxNhLYCTv2kb4UMuFk:Iv7ybJCG7+N92MXq2Z5sLb33MuFk

Score

N/A

Malware Config

Signatures

Files

0bee6c9536706aa9a1002efc332725cb2b3ef4e28a97ce7010154a8e81798875
.exe windows x86

eca2b8e1817a5705db7a9c97a1a0b275

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

bsutil

CreateCurrentProcessCrashDump

rpcrt4

RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcServerUnregisterIf
I_RpcBindingInqLocalClientPID
NdrServerCall2

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
CoCreateInstance
StringFromGUID2
CoTaskMemFree

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
HeapAlloc
GetProcessHeap
HeapFree
ReleaseMutex
TlsAlloc
TlsFree
TlsGetValue
Sleep
CreateMutexA
GetCurrentProcessId
ResetEvent
TlsSetValue
ResumeThread
GetTickCount
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerW
SetUnhandledExceptionFilter
LoadLibraryW
FormatMessageA
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
InterlockedCompareExchange
MapViewOfFileEx
InterlockedExchange
FlushViewOfFile
EnterCriticalSection
LeaveCriticalSection
CreateThread
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
ProcessIdToSessionId
GetCurrentThreadId
FreeLibrary
OpenProcess
LocalFree
SetEvent
WaitForSingleObject
ReleaseSemaphore
GetSystemTimeAsFileTime
DuplicateHandle
CreateSemaphoreA
CreateEventA
GetModuleFileNameW
SetLastError
GetLastError
CloseHandle
GetModuleHandleW
GetProcAddress
GetCurrentProcess
GetVersionExW
CreateDirectoryW
GetFileAttributesW
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
FlushFileBuffers
LoadLibraryA
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
SetEnvironmentVariableW
SetEnvironmentVariableA
VirtualAlloc
VirtualFree
HeapCreate
CreateFileA
GetFileType
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
LocalAlloc
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
GetStringTypeW
GetSystemInfo
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
DeleteFileA
MoveFileA
GetTimeZoneInformation
ExitProcess
GetModuleHandleA
ExitThread
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetVersionExA
GetThreadLocale
GetLocaleInfoA
CreateProcessW
CreateToolhelp32Snapshot
CreateFileW
Module32FirstW
FormatMessageW
SetFilePointer
ReadFile
WideCharToMultiByte
WriteFile
HeapDestroy
HeapReAlloc
HeapSize
GetACP

user32

PostThreadMessageW
GetSystemMetrics
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
CharUpperW
UnregisterClassA
CharNextW

advapi32

CreateServiceW
CreateProcessAsUserW
LookupAccountSidW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
RegEnumKeyExW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetTokenInformation
ControlService
DeleteService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetAclInformation
GetAce
GetSidLengthRequired
InitializeSid
CopySid
IsValidSid
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
InitializeAcl
AddAce
DuplicateTokenEx
SetTokenInformation
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetKernelObjectSecurity
FreeSid
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetSidSubAuthority

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

oleaut32

VarUI4FromStr

wtsapi32

WTSQueryUserToken

crypt32

CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringA
CryptVerifyMessageSignature

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates
ImageGetCertificateHeader

wintrust

WinVerifyTrust

ws2_32

send
bind
socket
accept
closesocket
recv
WSACleanup
WSAGetLastError
connect
WSAStartup
htonl
ntohl
ntohs
setsockopt
select
htons
inet_addr
inet_ntoa
gethostbyname
listen
__WSAFDIsSet

Sections

.text
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eca2b8e1817a5705db7a9c97a1a0b275

Headers

File Characteristics

Imports

bsutil

rpcrt4

version

ole32

userenv

kernel32

user32

advapi32

shell32

oleaut32

wtsapi32

crypt32

imagehlp

wintrust

ws2_32

Sections

.text Size: 488KB - Virtual size: 487KB

.rdata Size: 148KB - Virtual size: 144KB

.data Size: 20KB - Virtual size: 31KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: 488KB - Virtual size: 487KB

.rdata
Size: 148KB - Virtual size: 144KB

.data
Size: 20KB - Virtual size: 31KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 8KB - Virtual size: 6KB