Static task
static1
Behavioral task
behavioral1
Sample
bdc27112bfe786e8c1a78630288a69a9758ebd580811709d6de260c55c716594.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
bdc27112bfe786e8c1a78630288a69a9758ebd580811709d6de260c55c716594.exe
Resource
win10v2004-20230220-en
General
-
Target
bdc27112bfe786e8c1a78630288a69a9758ebd580811709d6de260c55c716594
-
Size
236KB
-
MD5
fd2128421485c5b992c52f42a818e263
-
SHA1
5751aaaf3df6b64d465799f6744b40bb2284223c
-
SHA256
bdc27112bfe786e8c1a78630288a69a9758ebd580811709d6de260c55c716594
-
SHA512
c75b5078cebaa995484fdfdf56541bc3282873f5301a7b914b6d0e211de620ce2dae402c30e840a170dd8f3fcab3b0b8a7131a4f977f44abe5dc26c1daf10279
-
SSDEEP
3072:MaFm1cIJCnn6NyAGn6WU9e0eF/pstBaDqwONnct437Bl3N2UTjlNyTJBtewTj:MaFMgi9e0eF/p/uwONct43j92UTybl
Malware Config
Signatures
-
Unsigned PE 1 IoCs
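Checks for a missing Authenticode signature: the PE file is unsigned, so its publisher and integrity cannot be verified from a signature. Many legitimate binaries are also unsigned, so treat this as a weak indicator and weigh it against the other findings.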
resource bdc27112bfe786e8c1a78630288a69a9758ebd580811709d6de260c55c716594
Files
-
bdc27112bfe786e8c1a78630288a69a9758ebd580811709d6de260c55c716594.exe windows x86
6b64ec00764984de69be8b15ac5ec20b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc110
ord7509
ord13455
ord5786
ord13453
ord5785
ord11217
ord5803
ord8642
ord9157
ord11587
ord11579
ord5224
ord3777
ord4517
ord11280
ord10198
ord3131
ord11581
ord14429
ord2015
ord10635
ord12314
ord5498
ord5497
ord6804
ord14278
ord11436
ord6848
ord10928
ord11434
ord11435
ord6849
ord5305
ord13761
ord1742
ord13760
ord11555
ord4809
ord776
ord1309
ord8424
ord11924
ord9376
ord4421
ord7121
ord2122
ord468
ord1107
ord539
ord1162
ord753
ord1295
ord7314
ord9105
ord3202
ord3157
ord8278
ord8558
ord4159
ord6451
ord3865
ord2159
ord2470
ord12541
ord4808
ord2148
ord4986
ord13363
ord5075
ord5076
ord11320
ord7883
ord13397
ord9084
ord7721
ord13296
ord8033
ord2199
ord7008
ord642
ord14243
ord2590
ord13867
ord13869
ord11956
ord2245
ord884
ord1380
ord12801
ord4103
ord11157
ord3803
ord6330
ord4746
ord1038
ord316
ord3816
ord6410
ord2466
ord3122
ord4807
ord2768
ord8193
ord6552
ord12911
ord9016
ord5905
ord3874
ord11905
ord5782
ord13449
ord11497
ord4869
ord4836
ord4830
ord4864
ord4887
ord4844
ord4872
ord4881
ord4852
ord4856
ord4860
ord4848
ord4877
ord4839
ord1722
ord1713
ord1718
ord1710
ord1701
ord9054
ord11989
ord14311
ord3772
ord11870
ord8018
ord5167
ord7982
ord8124
ord8053
ord8144
ord2669
ord2647
ord5296
ord4319
ord3965
ord4721
ord14049
ord2028
ord12258
ord3249
ord8803
ord8749
ord13933
ord6148
ord8254
ord12769
ord8627
ord3071
ord14176
ord10882
ord3276
ord11116
ord1721
ord4058
ord2011
ord4946
ord4951
ord3073
ord6121
ord12977
ord11929
ord3950
ord2616
ord8618
ord14051
ord7954
ord13235
ord10954
ord8810
ord8765
ord3169
ord3293
ord2562
ord2057
ord10923
ord3006
ord9097
ord8805
ord8764
ord8771
ord12449
ord13242
ord3949
ord4439
ord11055
ord14034
ord3290
ord12600
ord8195
ord8280
ord13075
ord7871
ord7872
ord7900
ord12425
ord12392
ord6312
ord8501
ord8494
ord3515
ord795
ord8506
ord8507
ord8511
ord3755
ord12645
ord5688
ord5651
ord13079
ord12510
ord2645
ord12649
ord7715
ord14130
ord12003
ord8656
ord11152
ord10159
ord11674
ord8895
ord8914
ord2600
ord4113
ord4126
ord2192
ord14458
ord9783
ord9310
ord9315
ord9325
ord8674
ord4642
ord2038
ord4201
ord3268
ord9187
ord4303
ord8831
ord1928
ord13910
ord2603
ord8747
ord12744
ord8230
ord13990
ord6379
ord12895
ord4833
ord4827
ord1707
ord9063
ord7983
ord8146
ord8026
ord6940
ord5017
ord5291
ord2638
ord4328
ord3981
ord8802
ord8748
ord13934
ord8242
ord12756
ord14175
ord11539
ord11112
ord2578
ord4044
ord3976
ord7952
ord8808
ord8766
ord14096
ord10922
ord3004
ord11269
ord9468
ord8763
ord3947
ord4437
ord14032
ord3107
ord3106
ord3278
ord7702
ord2629
ord13987
ord5293
ord2487
ord3565
ord3982
ord3967
ord14208
ord13029
ord8364
ord3072
ord14039
ord4114
ord2042
ord11512
ord14018
ord13087
ord2706
ord2728
ord11382
ord12917
ord11923
ord3057
ord8844
ord8958
ord8907
ord4529
ord8870
ord8439
ord2327
ord2348
ord9553
ord8807
ord11498
ord12722
ord12602
ord2943
ord8015
ord8038
ord12969
ord14468
ord13629
ord11773
ord3325
ord3362
ord13765
ord3123
ord5126
ord2075
ord11862
ord561
ord1182
ord632
ord1230
ord749
ord1291
ord773
ord1308
ord5611
ord9112
ord562
ord4341
ord8359
ord8270
ord13875
ord4306
ord7837
ord3155
ord13376
ord4318
ord3960
ord1736
ord4283
ord1977
ord4408
ord4366
ord8332
ord8500
ord8177
ord13841
ord4780
ord3175
ord2322
ord12125
ord14338
ord12182
ord14391
ord6590
ord13044
ord8585
ord11890
ord2189
ord14257
ord13971
ord783
ord4401
ord11470
ord2506
ord4429
ord13199
ord7132
ord7135
ord8330
ord7138
ord7133
ord7136
ord7137
ord7139
ord13734
ord7134
ord14392
ord8206
ord7550
ord11248
ord9024
ord14324
ord7731
ord9047
ord11964
ord3769
ord4901
ord12240
ord1734
ord13456
ord13454
ord11218
ord5802
ord8644
ord9159
ord11588
ord11583
ord3779
ord3216
ord7620
ord2016
ord10636
ord11278
ord2997
ord14073
ord11201
ord11295
ord1799
ord9012
ord9522
ord11289
ord2006
ord8231
ord12734
ord3263
ord3374
ord5602
ord9941
ord9944
ord9948
ord7470
ord988
ord1460
ord13009
ord7808
ord2248
ord2244
ord2149
ord4389
ord13651
ord8265
ord7758
ord7810
ord7835
ord13817
ord7493
ord7131
ord810
ord1811
ord365
ord1063
ord11810
ord12027
ord13970
ord2263
ord4520
ord461
ord1102
ord6333
ord1104
ord7313
ord4025
ord1860
ord6695
ord10047
ord5617
ord12701
ord12000
ord12032
ord10228
ord8025
ord12028
ord12020
ord5765
ord3786
ord6193
ord14402
msvcr110
_onexit
__dllonexit
free
malloc
__CxxFrameHandler3
_CxxThrowException
_setmbcp
_calloc_crt
_purecall
_unlock
_lock
??1type_info@@UAE@XZ
_XcptFilter
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
kernel32
lstrlenA
GetLastError
IsProcessorFeaturePresent
QueryPerformanceCounter
MultiByteToWideChar
GetSystemTimeAsFileTime
GetTickCount64
LocalFree
DecodePointer
IsDebuggerPresent
EncodePointer
lstrcpyA
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
user32
ClientToScreen
RedrawWindow
GetSystemMetrics
LoadImageA
GetFocus
IsChild
EnableWindow
LoadBitmapW
GetSysColor
InflateRect
GetWindowRect
UpdateWindow
InvalidateRect
GetClientRect
ScreenToClient
SendMessageA
GetSubMenu
LoadMenuW
SetRectEmpty
GetParent
IsIconic
gdi32
CreateFontIndirectA
GetStockObject
GetObjectA
DeleteObject
comctl32
InitCommonControlsEx
ImageList_AddMasked
oleaut32
SysAllocString
VariantClear
Sections
.text Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 142KB - Virtual size: 142KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ