bc067b7603849305f62e492bf479d7708cf0f93a220136b8bb9f852719453565

Sharing

Copy URL Twitter E-mail

General

Target

bc067b7603849305f62e492bf479d7708cf0f93a220136b8bb9f852719453565
Size

600KB
MD5

1c11458b449d73c78a13ac3f1fb550ce
SHA1

d3d1dbb9d11646c1550b081fd7d193f277da7efe
SHA256

bc067b7603849305f62e492bf479d7708cf0f93a220136b8bb9f852719453565
SHA512

73453b8b35a100e086ea3ab290e9c74b378278cd6cb906741799601f6c1f4eceea19f3424389a7418cd3085f44c71b356184ae7f4320b91f136a3d4813933ec6
SSDEEP

6144:BcWHtEE7B5aqXye3yA6gEIxs3KE11SGTnGH9inXt5M+gjv9jkx0xeTim:BcWNEmagEd11A9inXX89j40lm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc067b7603849305f62e492bf479d7708cf0f93a220136b8bb9f852719453565

Files

bc067b7603849305f62e492bf479d7708cf0f93a220136b8bb9f852719453565
.exe windows x86

177c179e9d637987dfec01d6a78ed394

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gbase

?SysWideToUTF8@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
??1CallbackBase@internal@base@@IAE@XZ
??0CallbackBase@internal@base@@IAE@PAVBindStateBase@12@@Z
?is_valid@WeakReference@internal@base@@QBE_NXZ
??1WeakReference@internal@base@@QAE@XZ
?SetOnNeedThreadSafe@WeakReferenceOwner@internal@base@@QAEXXZ
?GetRef@WeakReferenceOwner@internal@base@@QBE?AVWeakReference@23@XZ
??1WeakReferenceOwner@internal@base@@QAE@XZ
??0WeakReferenceOwner@internal@base@@QAE@XZ
?lock@WeakPtrBase@internal@base@@QBEPBVLock@3@XZ
??1WeakPtrBase@internal@base@@QAE@XZ
??0WeakPtrBase@internal@base@@IAE@ABVWeakReference@12@@Z
?Release@RefCountedThreadSafeBase@subtle@base@@IBE_NXZ
?AddRef@RefCountedThreadSafeBase@subtle@base@@IBEXXZ
??1RefCountedThreadSafeBase@subtle@base@@IAE@XZ
??0RefCountedThreadSafeBase@subtle@base@@IAE@XZ
?current@MessageLoopProxy@base@@SA?AV?$scoped_refptr@VMessageLoopProxy@base@@@@XZ
??0Location@tracked_objects@@QAE@PBD0HPBX@Z
?GetProgramCounter@tracked_objects@@YAPBXXZ
??0WeakPtrBase@internal@base@@QAE@ABV012@@Z
?Release@?$RefCountedThreadSafe@VTaskRunner@base@@UTaskRunnerTraits@2@@base@@QBEXXZ
?Release@Lock@base@@QAEXXZ
?Acquire@Lock@base@@QAEXXZ
??1AtExitManager@base@@QAE@XZ
??0AtExitManager@base@@QAE@XZ
?Init@CommandLine@@SA_NHPBQBD@Z

apppluginbase

?Show@CDefaultPlugin@@UAEX_N@Z
?OnDomainMessage@CDefaultPlugin@@UAEXPB_WPAVIIpcData@@@Z
?DestoryPluginEntry@CDefaultPlugin@@UAEXXZ
?GetWeakRef@CDefaultPlugin@@UAE?AVWeakReference@internal@base@@XZ
?ShowModal@CDefaultPlugin@@UAEXXZ
?IsUIPlugin@IPluginWithUI@@UAE_NXZ
?SetParent@CDefaultPlugin@@UAEXPAUHWND__@@@Z
?NativeCall@CDefaultPlugin@@UAEPBDPBD0@Z
?FireEvent@CDefaultPlugin@@UAE_NPB_WPAX@Z
?Close@CDefaultPlugin@@UAEXXZ
?SetPos@CDefaultPlugin@@UAEXUtagRECT@@@Z
??1CDefaultPlugin@@UAE@XZ
?GetAppRunner@QObjectCreator@@SAPAVIAppRunner@@XZ
?GetPos@CDefaultPlugin@@UAE?AUtagRECT@@XZ
?UnSubscribe@CDefaultPlugin@@UAEXPB_WAAVCPluginDelegateBase@@@Z
?GetServiceManager@QObjectCreator@@SAPAVIServiceManager@@XZ
?ProcessRemoteEvent@IPlugin@@UAEPAUsEventInfo@@PAVIIpcData@@@Z
?SetHost@CDefaultPlugin@@UAEXPAVIPluginHost@@@Z
?Subscribe@CDefaultPlugin@@UAEXPB_WAAVCPluginDelegateBase@@@Z
??0CDefaultPlugin@@QAE@PAVIPluginHost@@@Z
?OnHostDestory@CDefaultPlugin@@UAEXXZ

utility

?SetAppID@process@utility@@YAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?StartLog@log@utility@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?StopLog@log@utility@@YA_NXZ
?GetFileVersion@file@utility@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV34@@Z
?AppInitializeMainThread@thread@utility@@YAXXZ
?AppShutdownThreadsAndCleanUp@thread@utility@@YAXXZ
?AppCreateOtherThreads@thread@utility@@YAXXZ
?ShutdownHttpRequest@http@utility@@YAXXZ
?StartHttpRequest@http@utility@@YAXXZ
?ppstream@config@utility@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?Cleanup@local@utility@@YAXXZ
?HttpRequest@http@utility@@YAXABVLocation@tracked_objects@@V?$scoped_refptr@VHttpRequestTask@http@utility@@@@ABV?$Callback@$$A6AXV?$scoped_refptr@VHttpRequestTask@http@utility@@@@@Z@base@@@Z
?GetPrivateProfileStringW@IFile@file@utility@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00AAV45@0@Z
?GetSetupType@IEnv@system@utility@@SAHXZ
?GetDfpSync@IEnv@system@utility@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetStartID@IEnv@system@utility@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetClientID@IEnv@system@utility@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?stream@LogMessage@glog@@QAEAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@XZ
??1LogMessage@glog@@QAE@XZ
??0LogMessage@glog@@QAE@PBD0HH@Z

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CloseHandle
OutputDebugStringW
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
WideCharToMultiByte
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
LoadLibraryW
GetLastError
GetTickCount64
InitializeSListHead
InitializeCriticalSectionEx

gdi32

CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
DeleteDC
GetObjectW
DeleteObject
SelectObject

ole32

CoUninitialize
CoInitializeEx

msvcp140

??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
_Xtime_get_ticks
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ

gdiplus

GdipDisposeImage
GdipGetImagePixelFormat
GdipFree
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipAlloc

vcruntime140

_CxxThrowException
memcpy
__current_exception
_except_handler4_common
memset
memmove
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
__current_exception_context

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_recalloc
_callnewh
malloc
calloc
free

api-ms-win-crt-runtime-l1-1-0

_c_exit
_exit
exit
_register_thread_local_exe_atexit_callback
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_initterm_e
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
_invalid_parameter_noinfo
_resetstkoflw
_invalid_parameter_noinfo_noreturn
terminate
_controlfp_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

177c179e9d637987dfec01d6a78ed394

Headers

DLL Characteristics

File Characteristics

Imports

gbase

apppluginbase

utility

kernel32

gdi32

ole32

msvcp140

gdiplus

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 453KB - Virtual size: 453KB

.reloc Size: 69KB - Virtual size: 72KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 453KB - Virtual size: 453KB

.reloc
Size: 69KB - Virtual size: 72KB