bb6df8745b1d5c6dbd3baf3634c3a06144c5537aefafcf494d8aef94779ccbfa

Sharing

Copy URL Twitter E-mail

General

Target

bb6df8745b1d5c6dbd3baf3634c3a06144c5537aefafcf494d8aef94779ccbfa
Size

2.0MB
MD5

f2600c9676a718d7b49be9f32e222d6b
SHA1

df94e0fc6695a783fed6fa7a2191c8d3c5dc285d
SHA256

bb6df8745b1d5c6dbd3baf3634c3a06144c5537aefafcf494d8aef94779ccbfa
SHA512

f6d5438eebd613b31b62e085c010d1a3f88237cefc47851d83bad653e4b2f5a5357a0c2b1617c77f6b9b969733a3a987bfc0a6323637c98f2530d58b1e711f17
SSDEEP

49152:7+C76umRHFtfuq6WGBguVUQd++5rZhSP7rPQsS0Y0B:7+C2umDGylQdFhgr4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb6df8745b1d5c6dbd3baf3634c3a06144c5537aefafcf494d8aef94779ccbfa

Files

bb6df8745b1d5c6dbd3baf3634c3a06144c5537aefafcf494d8aef94779ccbfa
.exe windows x86

e71c6f77ea0e36f30cbb4bbdbc02669f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemFree

ws2_32

WSACleanup
WSASetLastError
inet_addr
WSAStartup
select
getaddrinfo
connect
getsockopt
freeaddrinfo
setsockopt
ioctlsocket
recv
ntohs
send
closesocket
accept
htons
htonl
ntohl
WSAGetLastError
WSAPoll
listen
socket
bind

libusb-1.0

libusb_submit_transfer
libusb_get_max_packet_size
libusb_has_capability
libusb_free_transfer
libusb_get_device_address
libusb_alloc_transfer
libusb_open
libusb_get_bus_number
libusb_hotplug_register_callback
libusb_get_configuration
libusb_get_version
libusb_get_string_descriptor_ascii
libusb_release_interface
libusb_hotplug_deregister_callback
libusb_strerror
libusb_exit
libusb_get_device_descriptor
libusb_get_active_config_descriptor
libusb_claim_interface
libusb_init
libusb_get_device_list
libusb_free_config_descriptor
libusb_error_name
libusb_cancel_transfer
libusb_close
libusb_get_device_speed
libusb_free_device_list
libusb_handle_events_timeout

libusb0

usb_get_string_simple
usb_set_debug
usb_find_busses
usb_open
usb_get_busses
usb_find_devices
usb_set_configuration
usb_init
usb_close

kernel32

HeapReAlloc
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetCommandLineW
GetCommandLineA
SetConsoleCtrlHandler
ReadFile
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
RaiseException
LoadLibraryExW
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
Sleep
CreateMutexW
ReleaseMutex
GetLastError
GetSystemTime
FindFirstFileExW
GetFullPathNameW
FindNextFileW
FindClose
ExitProcess
FormatMessageA
WaitForSingleObject
CloseHandle
CreateThread
GetModuleFileNameW
WideCharToMultiByte
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
SwitchToFiber
DeleteFiber
CreateFiber
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FindFirstFileW
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
DecodePointer
LoadLibraryA
LoadLibraryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeleteFileW
GetCurrentDirectoryW
SetStdHandle
CreateDirectoryW
GetTimeZoneInformation
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
FlushFileBuffers
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
GetProcessHeap
HeapSize
SetEndOfFile
WriteConsoleW
SystemTimeToFileTime
FreeLibrary

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

CryptExportKey
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
DeregisterEventSource
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

bcrypt

BCryptGenRandom

crypt32

CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 441KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e71c6f77ea0e36f30cbb4bbdbc02669f

Headers

DLL Characteristics

File Characteristics

Imports

ole32

ws2_32

libusb-1.0

libusb0

kernel32

user32

advapi32

shell32

bcrypt

crypt32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 441KB - Virtual size: 441KB

.data Size: 18KB - Virtual size: 33KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 59KB - Virtual size: 58KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 441KB - Virtual size: 441KB

.data
Size: 18KB - Virtual size: 33KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 59KB - Virtual size: 58KB