bd2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd2.exe
Size

1.5MB
MD5

e5d46566876726b28c41208c3cd2668f
SHA1

68427fdf8869c2b7f4481615e337a5dd7ac47b8f
SHA256

93c89bf96aa577dd9c4022445f0686a44f7f5983f8883fc230f0693c5be8d7ef
SHA512

573bd1c8359bb1ba0e3cc0fb6c933e5bfd564bd4d52766c97895af48aaa8ed0f79c01bce5860acc82c19a76965e800d081c7e87d98b93f073c89299decedb243
SSDEEP

24576:PCnU7u9QBSsyVsr7YXu45Ogpp4JfDG2uk/jKRdiS6t3pd2M2OOcvzAP8EqLXmHfE:Aiu9wyVsr0Xu45OGofDHuvJ652QvUPHm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd2.exe

Files

bd2.exe
.exe windows x64

b4f9cd9754d93873e260ded4159fb15b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fileno
_fmode
_get_osfhandle
_initterm
_localtime64
_lock
_onexit
_setjmp
_setmode
_unlock
_wfopen
abort
calloc
exit
fflush
fprintf
fputc
free
fwrite
localeconv
malloc
memchr
memcpy
memset
setvbuf
signal
strerror
strlen
strncmp
vfprintf
wcslen
longjmp

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 89KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4f9cd9754d93873e260ded4159fb15b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 123KB - Virtual size: 122KB

.data Size: 512B - Virtual size: 368B

.rdata Size: 1.4MB - Virtual size: 1.4MB

.pdata Size: 7KB - Virtual size: 6KB

.xdata Size: 6KB - Virtual size: 5KB

.bss Size: - Virtual size: 89KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 552B

.reloc Size: 512B - Virtual size: 360B

.text
Size: 123KB - Virtual size: 122KB

.data
Size: 512B - Virtual size: 368B

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.pdata
Size: 7KB - Virtual size: 6KB

.xdata
Size: 6KB - Virtual size: 5KB

.bss
Size: - Virtual size: 89KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 552B

.reloc
Size: 512B - Virtual size: 360B