thebcs[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

thebcs.exe
Size

2.1MB
MD5

8e1d0ffed9e2b43afed506a641f72754
SHA1

996104a3715e740acd62b29d98ac4cd2de536591
SHA256

26696735c938ebf1ffe7cf2c3801356382437c789892cb85ec995971d2d775dc
SHA512

fa8d280bb8e26c6bcb9a5da9b4c25886b16d66e49b0f772780083495beb88f2d95b1ddab16959223a99033b8a104a528862ccd76fffc730c69149ca02f964b32
SSDEEP

49152:2D6hUleEd491AOwzmUcSZ44OJZXkbMpF6P98MaOKLs7e+G:xUleEdw1u7cSZ4ZJZXkee8zP

Score

N/A

Malware Config

Signatures

Files

thebcs.exe
.exe windows x86

8242a6066712b813d16b18cc6eba1a13

Code Sign

74:38:24:af:20:d4:da:65:b8:4b:c6:8a:bc:f2:96:57
Certificate

Issuer

CN=videodownloader_cert,OU=Created by Link64,O=Link64

Not Before

15/02/2021, 20:37

Not After

31/12/2039, 23:59

Subject

CN=videodownloader_cert,OU=Created by Link64,O=Link64

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:a1:c5:b9:a1:52:90:21:2f:9d:91:07:27:de:83:4f:d2:11:b8:a8:f9:30:22:7c:0c:a6:9b:b9:dd:9d:e8:4d
Signer

Actual PE Digest

26:a1:c5:b9:a1:52:90:21:2f:9d:91:07:27:de:83:4f:d2:11:b8:a8:f9:30:22:7c:0c:a6:9b:b9:dd:9d:e8:4d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=videodownloader_cert,OU=Created by Link64,O=Link64

05/01/2023, 19:53
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeBeginPeriod
timeGetDevCaps
timeGetTime

wsock32

recv
WSAGetLastError
send
getsockopt
getpeername
WSASetLastError
connect
select
__WSAFDIsSet
setsockopt
recvfrom
sendto
ntohl
inet_addr
inet_ntoa
WSACleanup
WSAStartup
socket
listen
htons
getsockname
bind
accept
gethostbyname
ioctlsocket
htonl
shutdown
closesocket
ntohs

kernel32

GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
SwitchToFiber
DeleteFiber
CreateFiber
FindFirstFileW
WideCharToMultiByte
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTickCount
GlobalMemoryStatus
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
GetVolumeInformationA
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetStdHandle
RtlUnwind
RaiseException
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SystemTimeToFileTime
GetSystemTime
CreateEventA
SetEvent
CloseHandle
Beep
GetComputerNameA
GetCurrentThreadId
WaitForSingleObject
GetFullPathNameW
FindNextFileW
FindFirstFileExW
FindClose
GetModuleFileNameA
CreateMutexA
ReleaseMutex
GetLastError
Sleep
GetTimeZoneInformation
HeapReAlloc
GetCurrentDirectoryW
SetStdHandle
IsValidCodePage
GetACP
SetEndOfFile
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetCurrentProcessId
FormatMessageA
GetWindowsDirectoryA
SetFilePointerEx
GetFileSizeEx
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetConsoleOutputCP
GetModuleFileNameW
ReadFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetProcessHeap
HeapSize
WriteConsoleW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
TlsGetValue
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
PeekNamedPipe

user32

MessageBoxW
GetUserObjectInformationW
GetUserObjectInformationA
GetProcessWindowStation
LoadIconA
LoadCursorA
GetWindowLongA
MessageBoxA
GetWindowRect
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
SetTimer
SetWindowPos
ShowWindow
CreateWindowExA
RegisterClassExA
PostQuitMessage
DefWindowProcA
PostMessageA
DispatchMessageA
TranslateMessage
GetMessageA

gdi32

TextOutA

advapi32

CryptDestroyHash
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerA
SetServiceStatus
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
StartServiceA
StartServiceCtrlDispatcherA
CloseServiceHandle

shell32

ShellExecuteA

iphlpapi

GetIfEntry
GetBestRoute
IcmpCreateFile
IcmpSendEcho

crypt32

CertEnumCertificatesInStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8242a6066712b813d16b18cc6eba1a13

Code Sign

74:38:24:af:20:d4:da:65:b8:4b:c6:8a:bc:f2:96:57Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

26:a1:c5:b9:a1:52:90:21:2f:9d:91:07:27:de:83:4f:d2:11:b8:a8:f9:30:22:7c:0c:a6:9b:b9:dd:9d:e8:4dSigner

Signature Validations

Verification

05/01/2023, 19:53 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

winmm

wsock32

kernel32

user32

gdi32

advapi32

shell32

iphlpapi

crypt32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 451KB - Virtual size: 451KB

.data Size: 37KB - Virtual size: 112KB

.rsrc Size: 300KB - Virtual size: 300KB

.reloc Size: 64KB - Virtual size: 64KB

74:38:24:af:20:d4:da:65:b8:4b:c6:8a:bc:f2:96:57
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

26:a1:c5:b9:a1:52:90:21:2f:9d:91:07:27:de:83:4f:d2:11:b8:a8:f9:30:22:7c:0c:a6:9b:b9:dd:9d:e8:4d
Signer

05/01/2023, 19:53
Valid: false

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 451KB - Virtual size: 451KB

.data
Size: 37KB - Virtual size: 112KB

.rsrc
Size: 300KB - Virtual size: 300KB

.reloc
Size: 64KB - Virtual size: 64KB