bb1483a0f0bbaa10bad2b82f2734e93da5d08488587220215103f3e18acb61a8

Sharing

Copy URL Twitter E-mail

General

Target

bb1483a0f0bbaa10bad2b82f2734e93da5d08488587220215103f3e18acb61a8
Size

894KB
MD5

ee2b2cd5fc186dd5162741734320f042
SHA1

1fc6e5347c39896ade4679d3c0446dbe093bbd3b
SHA256

bb1483a0f0bbaa10bad2b82f2734e93da5d08488587220215103f3e18acb61a8
SHA512

7e92104c243ba4e84d307b77bcc5bcd9751aa4d933b0126877a94b891da63a3c5a689c33cb837d5f0cb172431dd91d0285d48ef354f02f3738c3b729df480187
SSDEEP

12288:RZqteaA2SXgWXHqlPwYwqt9Gqy84q7LyCMv5Ft:RZoJRSwWalPwYwa9qO7DMv5F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb1483a0f0bbaa10bad2b82f2734e93da5d08488587220215103f3e18acb61a8

Files

bb1483a0f0bbaa10bad2b82f2734e93da5d08488587220215103f3e18acb61a8
.exe windows x86

2cad99089dccdac261247c536a158236

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

portmichecksfcstatusex

PortCheckSfcStatuseEx

mfc140d

ord1063
ord14400
ord1575
ord13826
ord3466
ord538
ord1253
ord6714
ord9764
ord9749
ord3452
ord5624
ord5646
ord4433
ord4445
ord4326
ord3093
ord5389
ord6518
ord16538
ord9328
ord16437
ord10004
ord5359
ord10461
ord16960
ord13513
ord520
ord16137
ord1240
ord2581
ord1638
ord3569
ord16851
ord5752
ord6523
ord15661
ord389
ord6385
ord15600
ord9646
ord14893
ord15193
ord1176
ord7013
ord6739
ord7067
ord15915
ord9609
ord4485
ord9602
ord11805
ord379
ord6181
ord15506
ord1172
ord10008
ord594
ord6662
ord15709
ord1292
ord2773
ord2777
ord6025
ord6105
ord9771
ord14613
ord15142
ord17136
ord7106
ord2607
ord478
ord9119
ord1212
ord1887
ord5816
ord6485
ord4965
ord8484
ord4837
ord7008
ord8966
ord267
ord270
ord2512
ord2771
ord8115
ord1470
ord878
ord2975
ord5085
ord2656
ord9945
ord5392
ord17062
ord14376
ord17115
ord6479
ord1835
ord1823
ord3818
ord5789
ord16754
ord10535
ord17019
ord15749
ord12181
ord13749
ord12385
ord3753
ord16281
ord1068
ord6245
ord6831
ord8403
ord16755
ord14493
ord10867
ord7012
ord9110
ord7603
ord7914
ord1942
ord14639
ord5575
ord15002
ord534
ord13816
ord7111
ord14322
ord3451
ord1250
ord6718
ord7097
ord7081
ord6358
ord269
ord403
ord10154
ord1184
ord1938
ord12131
ord9109
ord1645
ord1655
ord12000
ord6959
ord14097
ord14147
ord9825
ord14129
ord7159
ord4483
ord8222
ord1090
ord16241
ord7685
ord17126
ord7686
ord17127
ord7684
ord17125
ord9535
ord14513
ord16915
ord1880
ord13838
ord2371
ord9476
ord15029
ord4747
ord3563
ord11139
ord17051
ord9454
ord17053
ord14523
ord14524
ord2884
ord6440
ord9960
ord9532
ord5490
ord14942
ord15010
ord12187
ord14137
ord10043
ord1599
ord3021
ord5142
ord10143
ord2558
ord15626
ord1036
ord8773
ord16803
ord10140
ord4524
ord378
ord4240
ord4884
ord2878
ord15206
ord8414
ord9824
ord15821
ord13474
ord12844
ord10084
ord15910
ord9616
ord7898
ord11160
ord6250
ord15561
ord7935
ord567
ord3757
ord3938
ord4898
ord1273
ord10865
ord8205
ord7508
ord16044
ord3893
ord3890
ord12005
ord9816
ord5145
ord3024
ord3310
ord17243
ord12036
ord12038
ord12037
ord12035
ord12039
ord6798
ord13562
ord13563
ord13963
ord4467
ord4462
ord13785
ord17046
ord10692
ord14098
ord5382
ord3086
ord4729
ord8405
ord11852
ord12807
ord10994
ord3848
ord16191
ord14159
ord14155
ord1972
ord1994
ord2020
ord2006
ord2027
ord5876
ord5943
ord5888
ord5906
ord5900
ord5894
ord5953
ord5937
ord5882
ord5959
ord5914
ord5852
ord5867
ord11106
ord10973
ord14051
ord493
ord8569
ord1220
ord14006
ord7506
ord16040
ord3309
ord10947
ord5026
ord2925
ord5928
ord5394
ord1218
ord10769
ord12821
ord13218
ord6986
ord11437
ord5380
ord12225
ord4749
ord3628
ord17054
ord7163
ord1671
ord9455
ord17052
ord8244
ord13554
ord9661
ord6208
ord15975
ord7186
ord6768
ord6515
ord3217
ord13999
ord4586
ord3966
ord3967
ord3847
ord14046
ord10483
ord8398
ord8234
ord6274
ord6678
ord6956
ord11091
ord6648
ord6277
ord6506
ord6256
ord9208
ord9209
ord9198
ord6504
ord9829
ord10946
ord1512
ord963
ord5512
ord15182
ord8232
ord311
ord306
ord3582
ord16747
ord4808
ord7110
ord1141
ord316
ord15253
ord1653
ord4006
ord4007
ord3744
ord3745
ord10874
ord16643
ord9098
ord1646
ord10534
ord5559
ord15446
ord1171
ord1885
ord8952
ord1674
ord322
ord10873
ord1580
ord2443
ord6391
ord7054
ord7015
ord3961
ord13837
ord3842
ord2610
ord7954
ord2801

kernel32

SetFileAttributesA
GetLocalTime
GetModuleFileNameA
lstrcpyA
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringA
WritePrivateProfileStringA
MoveFileA
CreateMutexA
OpenMutexA
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
GetDiskFreeSpaceExA
DeleteCriticalSection
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
MultiByteToWideChar
SetLastError
GetLastError
InitializeCriticalSectionEx
OutputDebugStringW
FreeLibrary
VirtualQuery
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
DeleteFileA

user32

MessageBoxA
DrawTextA
SendMessageA
GetSystemMetrics
InflateRect
CopyRect
PeekMessageA
SetRectEmpty
UnionRect
GetSysColor
PostQuitMessage
UnregisterClassA

gdi32

DeleteDC

shell32

SHFileOperationA
SHGetPathFromIDListA
SHBrowseForFolderA

comctl32

ImageList_Draw
InitCommonControlsEx

shlwapi

PathFileExistsA

oleaut32

SysFreeString

gdiplus

GdiplusShutdown

msvcp140d

??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?setf@ios_base@std@@QAEHHH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB

imagehlp

MakeSureDirectoryPathExists

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

portmichecksfcstatus

PortCheckSfcStatus

portmachineintegration

PortDataCollectForSfcEx

portmistartsfcex

PortMiStartSfcEx

portmigetrelabelsfc

PortMiGetRelabelSfc

portmipasssfc

PortMiPassSfc

portdatacollectforresourcefai

PortDataCollectForResourceFAI

portmicheckwindingnc

PortMiCheckWindingNC

vcruntime140d

__CxxFrameHandler3
memset
_CxxThrowException
strrchr
memcpy
__vcrt_InitializeCriticalSectionEx
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
_except_handler4_common
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memmove

ucrtbased

_CrtDbgReportW
_invalid_parameter
wcslen
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
free
malloc
atof
atoi
_localtime64_s
strftime
ldiv
strlen
__acrt_iob_func
__stdio_common_vfprintf
exit
__stdio_common_vsprintf_s
_splitpath
_time64
_stat64i32
strncpy
atol
_mktime64
terminate
_except1
_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_narrow_argv
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_set_fmode
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_controlfp_s
_wmakepath_s
_wsplitpath_s
_invalid_parameter_noinfo
_errno
_recalloc
__stdio_common_vswprintf_s
_setmbcp
wcscpy_s
_CrtDbgReport

Sections

.textbss
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 630KB - Virtual size: 630KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cad99089dccdac261247c536a158236

Headers

DLL Characteristics

File Characteristics

Imports

portmichecksfcstatusex

mfc140d

kernel32

user32

gdi32

shell32

comctl32

shlwapi

oleaut32

gdiplus

msvcp140d

imagehlp

version

portmichecksfcstatus

portmachineintegration

portmistartsfcex

portmigetrelabelsfc

portmipasssfc

portdatacollectforresourcefai

portmicheckwindingnc

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 296KB

.text Size: 630KB - Virtual size: 630KB

.rdata Size: 95KB - Virtual size: 95KB

.data Size: 3KB - Virtual size: 15KB

.idata Size: 14KB - Virtual size: 14KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 104KB - Virtual size: 103KB

.reloc Size: 44KB - Virtual size: 43KB

.textbss
Size: - Virtual size: 296KB

.text
Size: 630KB - Virtual size: 630KB

.rdata
Size: 95KB - Virtual size: 95KB

.data
Size: 3KB - Virtual size: 15KB

.idata
Size: 14KB - Virtual size: 14KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 104KB - Virtual size: 103KB

.reloc
Size: 44KB - Virtual size: 43KB