Static task: static1
Behavioral task: behavioral1
Sample: bProtect.exe
Resource: win10v2004-20230621-en
General
- Target: d115d1a186cf5f9ca7b74aad3701d599ac5d402c061b76fe04ccc53556e69864.zip
- Size: 435KB
- MD5: 29541de69b26817d1e5d571b0ea13057
- SHA1: 4238a01ede8c118eff6110c6d9cde5fe5b9e83f5
- SHA256: 446f220d90325349646a5ee21221374b3046b158590db80832d86af8a5432190
- SHA512: 08b49b97c7c926f7b7dc2fdfe809efcac922b45981bf5ab9b386380274ae38c93410f8dafc8a3c44ced563a10b46d9637ae28cb98401cf3f3b3006168d4bb34c
- SSDEEP: 6144:cEtJ8t5d5fOMD6jNJW6Q0GykNAbFRxUR8pK6Ft3NHdYC5ETIRe6SrdsT0rL:cWwQXkyhRxUqJv9HdX5Eki6SL
Malware Config
Signatures
- Unsigned PE (1 IoCs): checks for missing Authenticode signature.
  Resource: unpack001/bProtect.exe
Files
- d115d1a186cf5f9ca7b74aad3701d599ac5d402c061b76fe04ccc53556e69864.zip.zip (Password: infected)
- bProtect.exe.exe, windows x86 (Password: infected), 8d70487ce4f6358b00c44afe47d522b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteFileW
CreateProcessW
GetTempFileNameW
GetTempPathW
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
GetModuleHandleW
SetLastError
MapViewOfFile
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetFullPathNameW
GetFullPathNameA
FormatMessageW
GetTempPathA
GetSystemTime
LoadLibraryW
GetFileAttributesExW
GetFileAttributesW
DeleteFileA
GetFileAttributesA
SetEndOfFile
CreateEventW
LockFile
UnlockFile
AreFileApisANSI
CreateMutexW
WaitForMultipleObjects
ReleaseMutex
SetEvent
CreateEventA
WideCharToMultiByte
LoadLibraryA
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
SetEnvironmentVariableA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FreeLibrary
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
lstrlenA
WriteFile
GetFileSize
SetFilePointer
ReadFile
CreateFileW
MultiByteToWideChar
GetExitCodeProcess
GetCurrentProcessId
GetModuleFileNameW
Sleep
WTSGetActiveConsoleSessionId
PulseEvent
UnlockFileEx
OpenProcess
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetTimeZoneInformation
CompareStringW
GetProcAddress
WaitForSingleObject
ResetEvent
UnmapViewOfFile
OpenFileMappingW
MapViewOfFileEx
CloseHandle
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
LockFileEx
SizeofResource
CompareStringA
GetStringTypeW
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
ExitProcess
GetModuleFileNameA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
CreateFileMappingW
LCMapStringA
GetStartupInfoW
GetSystemTimeAsFileTime
VirtualQuery
lstrlenW
MoveFileExW
CopyFileW
CreateDirectoryW
InitializeCriticalSection
DeleteCriticalSection
GetVersionExW
InterlockedDecrement
GetEnvironmentVariableW
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
InterlockedIncrement
InterlockedExchange
TerminateProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CreateRemoteThread
VirtualAllocEx
GetExitCodeThread
VirtualFreeEx
GetModuleHandleA
FreeEnvironmentStringsW
GetEnvironmentStringsW
LocalFree
FormatMessageA
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
VirtualProtect
GetSystemInfo
user32
UnhookWindowsHookEx
SetWindowsHookExW
LoadImageW
ChildWindowFromPoint
KillTimer
ShowWindow
ScreenToClient
MoveWindow
EndDialog
DefWindowProcW
SetWindowLongW
GetWindowLongW
GetCursorPos
GetActiveWindow
GetSysColor
GetSysColorBrush
FillRect
SetLayeredWindowAttributes
ReleaseDC
GetDC
GetWindowRect
GetParent
InvalidateRect
GetDlgItem
BeginPaint
GetClientRect
DialogBoxParamW
GetSystemMetrics
UnregisterClassA
TrackMouseEvent
GetTopWindow
CallWindowProcW
SystemParametersInfoW
DispatchMessageW
TranslateMessage
SendMessageW
SetWindowTextW
SetTimer
PeekMessageW
EndPaint
GetMessageW
gdi32
SetTextColor
SetBkMode
CreatePatternBrush
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
RoundRect
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
GetObjectW
CreateFontIndirectW
CreatePen
ole32
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
CoInitialize
CoUninitialize
CoSetProxyBlanket
oleaut32
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
VarCmp
VariantInit
VarBstrFromDate
SysStringLen
VarBstrCmp
VariantClear
SysAllocString
advapi32
RegisterServiceCtrlHandlerW
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
SetServiceStatus
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
StartServiceCtrlDispatcherW
userenv
CreateEnvironmentBlock
wtsapi32
WTSQueryUserToken
uxtheme
DrawThemeBackground
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
OpenThemeData
CloseThemeData
shlwapi
PathFileExistsW
PathAppendW
PathAddExtensionW
StrCmpW
winhttp
WinHttpCloseHandle
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpSendRequest
WinHttpOpenRequest
WinHttpReadData
shell32
SHGetSpecialFolderPathW
Sections
.text Size: 502KB - Virtual size: 502KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 101KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 131KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ