bcfmgr[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

bcfmgr.exe.zip
Size

4.1MB
MD5

0d9d6ac6933aaa63401d5b676cab7ad5
SHA1

145d293cc734d5c2d66898b03ea7accb94afc06c
SHA256

0f283b45876e39ceca29a8cd62c83cc897304b8716a93e39b195dffcbbe02fa6
SHA512

c094bc14cb041644cbb26f7e73966f6e05d3b4d827819d418fb7872de02ca010756d4d32e889f9d3dbcb117e5998fdc4cd212c5e4dce3814226948008f7ce8c4
SSDEEP

98304:wu2XzyNjevs+rVGER3t+Z1rXIZoXMN2x5M5Yuo3:eCe0+rVGER3QZ10sq2x5M5po3

Score

1^/10

Malware Config

Signatures

Files

bcfmgr.exe.zip
.zip

Password: infected
cf2b73f77761f4441f9c31512d58709f5d9d59eef6514857a5e37b8c4e956c3a
.exe windows x86

Password: infected

4f707672db2023779faacf0078fa3b74

Code Sign

09:e0:15:e9:8e:4f:ab:cc:9a:c4:3e:04:2c:96:09:0d
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/07/2018, 00:00

Not After

16/10/2021, 12:00

Subject

CN=Jetico Inc. Oy,O=Jetico Inc. Oy,L=Espoo,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:16:b0:87:ca:84:fc:ed:72:c4:2f:a3:03:65:49:7b:f0:31:e2:5b
Signer

Actual PE Digest

4b:16:b0:87:ca:84:fc:ed:72:c4:2f:a3:03:65:49:7b:f0:31:e2:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

hid

HidD_GetFeature
HidD_SetFeature
HidD_GetAttributes

kernel32

GetFileAttributesExW
DeleteFileW
CopyFileW
CreateDirectoryW
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
LocalFree
GetCurrentProcess
GetCurrentProcessId
ExitProcess
CreateThread
GetCurrentThread
ReleaseMutex
LoadResource
SizeofResource
GetFileSizeEx
FlushFileBuffers
DeviceIoControl
GetLocalTime
CreateMutexW
LoadLibraryA
LoadLibraryExW
GetModuleFileNameA
CreateProcessW
FindResourceW
GetDriveTypeW
GetComputerNameW
InterlockedIncrement
InterlockedDecrement
SetFileAttributesW
InterlockedExchange
GlobalFree
WaitForSingleObject
GetExitCodeThread
DeleteFileA
CreateDirectoryA
RemoveDirectoryW
GetSystemDirectoryA
GetExitCodeProcess
GetLogicalDrives
GetFirmwareEnvironmentVariableW
SetFirmwareEnvironmentVariableW
GetDiskFreeSpaceW
MoveFileExW
GetCurrentThreadId
ReleaseSemaphore
GetTickCount
FormatMessageW
lstrcpynW
lstrcpyW
CreateSemaphoreW
GetFullPathNameW
GetVolumeInformationW
CreateSemaphoreA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesExA
CopyFileA
GetComputerNameA
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryExA
SetLastError
SetThreadPriority
GetThreadPriority
GetPriorityClass
SetVolumeLabelW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumeNameForVolumeMountPointW
WaitNamedPipeW
GetTempPathW
GetNativeSystemInfo
GetWindowsDirectoryW
SetCurrentDirectoryW
OutputDebugStringW
lstrlenW
GetSystemDirectoryW
VirtualAlloc
VirtualFree
GetVersionExW
GetFileAttributesW
FindFirstVolumeMountPointW
FindNextVolumeMountPointW
FindVolumeMountPointClose
TerminateThread
OutputDebugStringA
EncodePointer
FreeResource
GetModuleHandleA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
GlobalSize
MulDiv
SetEvent
CreateEventW
SuspendThread
ResumeThread
GetPrivateProfileIntW
GetPrivateProfileStringW
FileTimeToSystemTime
lstrcmpA
CompareStringA
GetFileTime
GetTempFileNameW
SetFileTime
ReplaceFileW
GetUserDefaultLCID
GlobalGetAtomNameW
GlobalReAlloc
GetAtomNameW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
GetThreadLocale
GetCurrentDirectoryW
VerSetConditionMask
VerifyVersionInfoW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
lstrcmpiW
MoveFileW
GetStringTypeExW
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToTzSpecificLocalTime
FindResourceExW
SearchPathW
GetProfileIntW
SetErrorMode
LocalLock
LocalUnlock
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetFileType
GetStdHandle
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
ExpandEnvironmentStringsA
GetSystemInfo
WaitForMultipleObjects
FormatMessageA
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetStringTypeW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
CreateFileW
GetShortPathNameW
GetShortPathNameA
GetVersion
CreateFileA
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
SetFilePointer
ReadFile
WriteFile
GetFileSize
FindNextFileW
FindFirstFileW
FindClose
GetModuleHandleW
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
LCMapStringW
HeapAlloc
HeapDestroy
DecodePointer
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemTime
GetDateFormatW
GetDateFormatA
WideCharToMultiByte
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
WritePrivateProfileStringW
MultiByteToWideChar
QueryDosDeviceW
FindFirstFileExA
GetFullPathNameA
SetFilePointerEx
ReadConsoleW
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetTimeZoneInformation
WriteConsoleW
SetConsoleMode
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetConsoleMode
SetConsoleCtrlHandler
GetACP
SetStdHandle
HeapQueryInformation
VirtualQuery
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetCPInfo

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter
GetJobW

advapi32

RegEnumKeyExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegSetValueW
LookupAccountSidW
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
InitializeSid
GetSidLengthRequired
EqualSid
IsValidSid
QueryServiceStatus
RegFlushKey
RegDeleteKeyA
RegEnumValueW
RegSetValueExA
ConvertSidToStringSidW
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
InitiateSystemShutdownW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyExA
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenThreadToken
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

uxtheme

IsAppThemed
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
DrawThemeText
GetThemeColor
GetCurrentThemeName
GetWindowTheme
GetThemeSysColor
OpenThemeData

ole32

ReleaseStgMedium
OleInitialize
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgOpenStorageOnILockBytes
StgIsStorageFile
CreateFileMoniker
CreateILockBytesOnHGlobal
OleRegGetMiscStatus
OleRegEnumVerbs
OleCreateMenuDescriptor
OleSetClipboard
CLSIDFromString
StringFromGUID2
CoDisconnectObject
OleDestroyMenuDescriptor
OleTranslateAccelerator
CreateStreamOnHGlobal
PropVariantCopy
CoCreateGuid
SetConvertStg
IsAccelerator
StgCreateDocfileOnILockBytes
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleRegGetUserType
CoFreeUnusedLibraries
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
StringFromCLSID
IIDFromString
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
OleRun
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
OleUninitialize

oleaut32

GetErrorInfo
CreateErrorInfo
SetErrorInfo
VarDecFromStr
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysReAllocStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
SysAllocString

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics

netapi32

NetApiBufferFree
NetUserModalsGet

ws2_32

gethostbyname
socket
shutdown
send
recv
htons
connect
closesocket
WSACleanup
WSAStartup

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

winmm

PlaySoundW

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW
UuidCreateSequential

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 853KB - Virtual size: 853KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4f707672db2023779faacf0078fa3b74

Code Sign

09:e0:15:e9:8e:4f:ab:cc:9a:c4:3e:04:2c:96:09:0dCertificate

Extended Key Usages

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

4b:16:b0:87:ca:84:fc:ed:72:c4:2f:a3:03:65:49:7b:f0:31:e2:5bSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

secur32

hid

kernel32

msimg32

winspool.drv

advapi32

uxtheme

ole32

oleaut32

oledlg

gdiplus

netapi32

ws2_32

oleacc

winmm

imm32

setupapi

rpcrt4

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.rdata Size: 2.6MB - Virtual size: 2.6MB

.data Size: 120KB - Virtual size: 499KB

.gfids Size: 139KB - Virtual size: 139KB

.giats Size: 512B - Virtual size: 28B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 853KB - Virtual size: 853KB

09:e0:15:e9:8e:4f:ab:cc:9a:c4:3e:04:2c:96:09:0d
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

4b:16:b0:87:ca:84:fc:ed:72:c4:2f:a3:03:65:49:7b:f0:31:e2:5b
Signer

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 120KB - Virtual size: 499KB

.gfids
Size: 139KB - Virtual size: 139KB

.giats
Size: 512B - Virtual size: 28B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 853KB - Virtual size: 853KB