bb7e837d7fd3a169c434e3d8720954ff8cc5bbf02b1bc8218d3d8b045b5e1ad2

Sharing

Copy URL Twitter E-mail

General

Target

bb7e837d7fd3a169c434e3d8720954ff8cc5bbf02b1bc8218d3d8b045b5e1ad2
Size

269KB
MD5

15be4da8d7ac6b70feaeeea72aaafa1a
SHA1

8d05cdb62b56bd85c301fc2112c4962faae4ea7f
SHA256

bb7e837d7fd3a169c434e3d8720954ff8cc5bbf02b1bc8218d3d8b045b5e1ad2
SHA512

c8e0e3a4f41e761853a4cebdb07de110f6cbf290e13f74f4075edf6cc15d2b30e82f3c0344e0d4e630b62d2ad0c3053d420b774ee1a31b1690e0776b883b02c7
SSDEEP

6144:hFio1h6H84eq7Ps2JwdRJjqufzb/ofVnA9XUSG6OrH:fd0H84eq7NJqXjHofRmUt64H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb7e837d7fd3a169c434e3d8720954ff8cc5bbf02b1bc8218d3d8b045b5e1ad2

Files

bb7e837d7fd3a169c434e3d8720954ff8cc5bbf02b1bc8218d3d8b045b5e1ad2
.exe windows x86

d26a7cfd56ad2c728d97488541fee955

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
GetFileAttributesW
CreateFileMappingW
MapViewOfFile
SetFilePointer
SetEndOfFile
OpenFileMappingW
GetLocalTime
GlobalLock
GlobalUnlock
CreateDirectoryW
QueryDosDeviceW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
ExpandEnvironmentStringsW
SetFileTime
FindClose
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileTime
FlushFileBuffers
HeapFree
GetProcessHeap
GetCurrentThreadId
QueryPerformanceFrequency
QueryPerformanceCounter
GetConsoleOutputCP
FreeConsole
GetOverlappedResult
ConnectNamedPipe
GetSystemInfo
RemoveDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
OutputDebugStringW
GetWindowsDirectoryW
GetComputerNameW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
DisconnectNamedPipe
ResetEvent
lstrcmpA
ExitThread
CreateThread
OutputDebugStringA
LocalAlloc
LocalFree
CreateIoCompletionPort
PostQueuedCompletionStatus
TerminateThread
GetCurrentThread
GetQueuedCompletionStatus
LocalLock
LocalUnlock
LocalReAlloc
QueueUserAPC
InitializeCriticalSection
GetModuleHandleA
GetSystemDefaultLCID
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcpyW
DeleteFileW
lstrcmpiW
OpenProcess
GetVersionExW
WriteProcessMemory
SetUnhandledExceptionFilter
WideCharToMultiByte
GetFileSize
MultiByteToWideChar
SetFileAttributesW
CreateFileW
WriteFile
lstrlenW
ReadFile
lstrcmpW
GetTickCount
lstrcpyA
CreateEventW
WaitForMultipleObjects
lstrcpynW
CreateProcessW
DeleteCriticalSection
CreateRemoteThread
VirtualAllocEx
GetExitCodeThread
ResumeThread
LeaveCriticalSection
VirtualAlloc
VirtualFree
EnterCriticalSection
GlobalMemoryStatus
lstrcpynA
GetSystemTime
GetCurrentProcessId
ExitProcess
GetProcAddress
CloseHandle
Process32FirstW
LoadLibraryA
SetEvent
Process32NextW
GetLastError
CreateToolhelp32Snapshot
WaitForSingleObject
lstrlenA
TerminateProcess
GetCurrentProcess
Sleep

user32

GetWindowThreadProcessId
GetMessageW
DefWindowProcW
GetKeyState
CreateWindowExW
CallNextHookEx
GetAsyncKeyState
DispatchMessageW
SetTimer
GetForegroundWindow
ExitWindowsEx
MessageBoxW
DestroyIcon
UnhookWindowsHookEx
TranslateMessage
SetWindowsHookExW
SetWindowLongW
KillTimer
PostQuitMessage
GetIconInfo
SetCursorPos
OpenWindowStationW
GetProcessWindowStation
SetCapture
mouse_event
LoadCursorW
OpenInputDesktop
SetProcessWindowStation
GetThreadDesktop
SetThreadDesktop
WindowFromPoint
PostMessageA
keybd_event
CloseWindowStation
GetWindowTextW
CloseDesktop
CreateDesktopW
OpenClipboard
CloseClipboard
GetClipboardData
GetSystemMetrics
wsprintfW
wsprintfA
GetClassNameW

gdi32

CreateCompatibleBitmap
SelectObject
CreateDIBSection
CreateCompatibleDC
GdiFlush
GetDeviceCaps
CreateDCW
GetDIBits
DeleteDC
DeleteObject
BitBlt

advapi32

RegCloseKey
CloseServiceHandle
OpenSCManagerW
DeleteService
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
OpenServiceW
RegDeleteValueA
InitiateSystemShutdownA
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
QueryServiceConfig2W
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
ControlService
GetTokenInformation
LookupAccountSidW
GetUserNameW
GetLengthSid
FreeSid
OpenProcessToken
AllocateAndInitializeSid
EqualSid
AdjustTokenPrivileges
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
SetTokenInformation
RegEnumValueA
ImpersonateLoggedOnUser
RegOverridePredefKey
RegOpenCurrentUser
RevertToSelf
RegEnumValueW
RegOpenKeyA

shell32

ExtractIconExW
SHFileOperationW

odbc32

ord136
ord157
ord141
ord9
ord2
ord43
ord111
ord61
ord18
ord127
ord75
ord13
ord24
ord31
ord171

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

userenv

CreateEnvironmentBlock

ws2_32

getsockname
WSASocketA
closesocket
WSARecvFrom
WSACleanup
WSAStartup
WSAIoctl
htons
setsockopt
bind
WSASendTo
WSAGetLastError

Exports

Exports

?nuefubybysda@@YGKXZ

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d26a7cfd56ad2c728d97488541fee955

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

odbc32

wtsapi32

userenv

ws2_32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 124KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 9KB - Virtual size: 24KB

.rsrc Size: 114KB - Virtual size: 113KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 124KB - Virtual size: 124KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 9KB - Virtual size: 24KB

.rsrc
Size: 114KB - Virtual size: 113KB

.reloc
Size: 8KB - Virtual size: 7KB