bd720a45fd3af2exeexeexeex[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

bd720a45fd3af2exeexeexeex.exe
Size

1.4MB
MD5

bd720a45fd3af236f75cee1cd9572aba
SHA1

8a4ff9b4b642efb2f95bb94c6b165eb7a91221ca
SHA256

4236f9bd43027fa9a86b37542821f51691cfeb587bf573dfe3fabb99fe1c3d75
SHA512

63c33b9898f55823590f292349c4fe1c488e2e980206ae7912b382224eb4093f466af4d1e892aa3e2bf7df5881480e829c81447ca96e20ebbebf9e25204c8dd6
SSDEEP

24576:l0SiQJlA3isPf2mb8+4fiO1hFh6z33LfsqjnhMgeiCl7G0nehbGZpbD:GKrAZW1+4frXk33LDDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd720a45fd3af2exeexeexeex.exe

Files

bd720a45fd3af2exeexeexeex.exe
.exe windows x86

5f1c5da0cf83789ca433c39095c4cbf1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObject
CreateThread
CreateEventW
GetCurrentThreadId
TryEnterCriticalSection
Sleep
InitializeCriticalSection
SetEvent
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetFileSize
CancelIo
GetOverlappedResult
GetCommandLineW
RemoveDirectoryW
GetFullPathNameW
LeaveCriticalSection
EnterCriticalSection
RaiseException
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
GetStdHandle
ExitProcess
LCMapStringW
GetTimeZoneInformation
SetLastError
QueryPerformanceCounter
ExpandEnvironmentStringsW
GetCurrentProcessId
GetTickCount
CreateFileW
SetFilePointer
WriteFile
OutputDebugStringW
OpenProcess
GetFileAttributesExW
GetTempFileNameW
GetLongPathNameW
SearchPathW
FormatMessageW
LocalFree
CreateMutexW
CreateFileMappingW
MapViewOfFile
ReleaseMutex
UnmapViewOfFile
LoadLibraryW
QueryPerformanceFrequency
GetVersionExW
CreateProcessW
GetTempPathW
GetDiskFreeSpaceExW
GetExitCodeThread
GetExitCodeProcess
GetCurrentProcess
TerminateThread
OpenEventW
ResetEvent
GetLocalTime
GetSystemTime
GetFileAttributesW
OpenMutexW
CreateDirectoryW
GetShortPathNameW
GetFileSizeEx
PeekNamedPipe
GetEnvironmentVariableW
WaitForMultipleObjects
CreatePipe
GetStartupInfoW
GlobalMemoryStatusEx
OpenFileMappingW
FlushViewOfFile
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultLCID
GetLocaleInfoW
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
WideCharToMultiByte
GetComputerNameExW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetUserDefaultLangID
LocalAlloc
GlobalAlloc
ProcessIdToSessionId
GlobalLock
GlobalUnlock
GlobalFree
FindResourceExW
LockResource
GetFileTime
DeviceIoControl
GetSystemDirectoryW
MoveFileExW
CopyFileW
SetFileAttributesW
VerifyVersionInfoW
GetPrivateProfileStringW
GetPrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStringA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
FormatMessageA
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
HeapAlloc
HeapFree
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSetInformation
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
ExitThread
GetCPInfo
lstrlenW

user32

SetProcessWindowStation
GetThreadDesktop
SetThreadDesktop
GetProcessWindowStation
CloseWindowStation
AllowSetForegroundWindow
OpenDesktopW
CloseDesktop
ExitWindowsEx
MsgWaitForMultipleObjectsEx
PeekMessageW
MsgWaitForMultipleObjects
GetSystemMetrics
SystemParametersInfoW
WaitForInputIdle
GetAsyncKeyState
GetDesktopWindow
LoadIconW
GetKeyState
SendMessageCallbackW
SetTimer
RegisterWindowMessageW
DestroyIcon
CharUpperW
GetMessageW
DispatchMessageW
TranslateMessage
PostThreadMessageW
CharNextW
OpenWindowStationW

advapi32

CryptReleaseContext
RegQueryValueExW
OpenProcessToken
CheckTokenMembership
GetUserNameW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
QueryServiceConfigW
ChangeServiceConfigW
CreateProcessAsUserW
AllocateAndInitializeSid
FreeSid
OpenEventLogW
CloseEventLog
BackupEventLogW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegCreateKeyExW
RegOpenKeyExW

ole32

CLSIDFromString
CoInitializeSecurity
CoResumeClassObjects
StringFromGUID2
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
CoInitializeEx
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
PropVariantClear
CoSetProxyBlanket
OleUninitialize
OleInitialize
CoCreateGuid
CreateStreamOnHGlobal
CoInitialize

oleaut32

SysFreeString
SysStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayRedim
SafeArrayCreate
SafeArrayCopy
SysAllocString
SysReAllocString
VariantInit
VariantClear
GetRecordInfoFromGuids
UnRegisterTypeLi
RegisterTypeLi
VariantCopy

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathIsFileSpecW

ws2_32

WSAResetEvent
WSAWaitForMultipleEvents
WSACleanup
WSAStartup
accept
WSASetLastError
WSACreateEvent
WSASocketW
WSAConnect
WSAEnumNetworkEvents
WSADuplicateSocketW
freeaddrinfo
WSAAddressToStringW
inet_addr
gethostbyname
gethostbyaddr
WSAEventSelect
setsockopt
WSACloseEvent
listen
getsockopt
send
closesocket
__WSAFDIsSet
socket
bind
recv
sendto
shutdown
select
recvfrom
connect
ioctlsocket
WSAGetLastError
htons
getservbyname
htonl
inet_ntoa
ntohs
getservbyport
getaddrinfo
WSAStringToAddressW

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

iphlpapi

IpReleaseAddress
IpRenewAddress
GetAdaptersInfo
GetAdaptersAddresses
GetInterfaceInfo
GetIfEntry
NotifyAddrChange
IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile
DeleteIPAddress
AddIPAddress

psapi

GetModuleFileNameExW
EnumProcesses
GetModuleBaseNameW
EnumProcessModules

shell32

CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
ExtractIconW

wininet

InternetQueryOptionW
InternetSetOptionW
HttpSendRequestW
InternetCloseHandle
HttpQueryInfoW
HttpQueryInfoA
InternetReadFileExA
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetErrorDlg
HttpAddRequestHeadersW

setupapi

CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_IDW
CM_Get_DevNode_Status
SetupDiGetSelectedDriverW
CM_Set_DevNode_Registry_PropertyW
CM_Disable_DevNode
SetupDiGetClassDevsW
SetupDiSetClassInstallParamsW
CMP_WaitNoPendingInstallEvents
SetupCloseInfFile
SetupGetLineTextW
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupFindFirstLineW
SetupOpenInfFileW
SetupDiGetDriverInfoDetailW
CM_Locate_DevNodeW
SetupDiRemoveDevice
SetupDiDestroyDriverInfoList
SetupDiBuildDriverInfoList
SetupDiOpenDevRegKey
SetupDiCreateDevRegKeyW
SetupDiOpenClassRegKey
SetupDiCallClassInstaller
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiCreateDeviceInfoW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

secur32

GetUserNameExW

winspool.drv

ord204
DocumentPropertiesW
FindClosePrinterChangeNotification
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
EndDocPrinter
EndPagePrinter
WritePrinter
StartPagePrinter
StartDocPrinterW
EnumPortsW
EnumMonitorsW
DeleteMonitorW
AddMonitorW
ord203
EnumJobsW
GetJobW
SetJobW
SetPrinterW
EnumPrinterDriversW
OpenPrinterW
ClosePrinter
AddPrinterW
DeletePrinter
EnumPrintersW
GetPrinterDataExW
SetPrinterDataExW
AddPrinterDriverW
GetPrinterDriverW
XcvDataW
GetPrinterW
DeletePrinterDriverExW
GetPrinterDriverDirectoryW

crypt32

CertCloseStore
CertOpenStore
CertAddEncodedCertificateToStore
CertDeleteCertificateFromStore
CryptUnprotectData

Sections

.text
Size: 595KB - Virtual size: 594KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 616KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5f1c5da0cf83789ca433c39095c4cbf1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

ws2_32

rpcrt4

iphlpapi

psapi

shell32

wininet

setupapi

version

secur32

winspool.drv

crypt32

Sections

.text Size: 595KB - Virtual size: 594KB

.rdata Size: 206KB - Virtual size: 205KB

.data Size: 16KB - Virtual size: 37KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 616KB - Virtual size: 620KB

.text
Size: 595KB - Virtual size: 594KB

.rdata
Size: 206KB - Virtual size: 205KB

.data
Size: 16KB - Virtual size: 37KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 616KB - Virtual size: 620KB