bf314a4d674772b2e0f409adcbcea1350dfb6a07fe31b5f6ea64a61faed7f8aa

Sharing

Copy URL

Twitter E-mail

General

Target

bf314a4d674772b2e0f409adcbcea1350dfb6a07fe31b5f6ea64a61faed7f8aa
Size

1.9MB
MD5

65f0860d8370def5e666b0435fc9a8e4
SHA1

2d519acacca6b59ef8313691cc2c4f0a60c794ee
SHA256

bf314a4d674772b2e0f409adcbcea1350dfb6a07fe31b5f6ea64a61faed7f8aa
SHA512

f3665446d58b2ba48330fc668e9d15935185b1162bf5952ee13c96ca299d9ab475adba8558146c94a77311c6292db2b489e0e9fa29655e36f5ec7134b06aca6a
SSDEEP

49152:fkwDe7t65qHhLp9mr7h3N7Nrk2QcP+p7IXt:fkwe2qH5p9mrZN7NrON

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf314a4d674772b2e0f409adcbcea1350dfb6a07fe31b5f6ea64a61faed7f8aa

Files

bf314a4d674772b2e0f409adcbcea1350dfb6a07fe31b5f6ea64a61faed7f8aa
.exe windows:6 windows x86

1e883ee9863409b199872b4453aceb92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptQueryObject
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptDecodeObject

ws2_32

shutdown
WSAStartup
gethostbyname
inet_ntoa
closesocket
WSAGetLastError
socket
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSASetLastError
WSAIoctl
WSACleanup
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
gethostname
send
getservbyname

kernel32

GetSystemDirectoryW
GetModuleFileNameW
MoveFileExW
OutputDebugStringA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
GetVersionExW
CreateFileA
DeviceIoControl
CreateFileW
DeleteFileW
WriteFile
OutputDebugStringW
GetSystemDirectoryA
GetModuleHandleW
GetProcAddress
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
FreeLibrary
LoadLibraryW
VerifyVersionInfoW
Sleep
QueryPerformanceCounter
GetTickCount
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
FlushConsoleInputBuffer
GetCurrentThreadId
GetModuleHandleA
GetCurrentProcessId
LoadLibraryA
GlobalMemoryStatus
GetSystemTime
SystemTimeToFileTime
EncodePointer
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleInputW
SetConsoleMode
SetEndOfFile
FlushFileBuffers
GetFileSizeEx
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetFileAttributesW
GetDriveTypeW
Process32NextW
GetStdHandle
CreateToolhelp32Snapshot
lstrcpyW
lstrcpynW
lstrcmpA
LocalFree
LocalAlloc
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
OpenProcess
TerminateProcess
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
CloseHandle
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
GetConsoleOutputCP
ResetEvent
CreateEventW
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
SetFilePointerEx
DecodePointer
FreeLibraryAndExitThread
ExitThread
CreateThread
Process32FirstW
GetModuleHandleExW
ExitProcess
FindNextFileW
FindFirstFileExW
FindClose
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetFileAttributesExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
LoadIconW
MessageBoxW
LoadCursorW
MessageBoxA
GetWindowRect
GetWindowTextW
EndPaint
BeginPaint
UpdateWindow
GetSystemMetrics
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
SetWindowPos
LoadAcceleratorsW
TranslateAcceleratorW

gdi32

DeleteObject
CreateFontW

advapi32

CryptGetUserKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
RegCloseKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA

shell32

SHFileOperationW
ShellExecuteW
ord165

shlwapi

PathRemoveFileSpecW

wldap32

ord208
ord41
ord117
ord301
ord147
ord14
ord79
ord26
ord142
ord46
ord167
ord127
ord27
ord216
ord219
ord133
ord145

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e883ee9863409b199872b4453aceb92

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

shlwapi

wldap32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 394KB - Virtual size: 394KB

.data Size: 45KB - Virtual size: 60KB

.rsrc Size: 35KB - Virtual size: 34KB

.reloc Size: 69KB - Virtual size: 68KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 394KB - Virtual size: 394KB

.data
Size: 45KB - Virtual size: 60KB

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 69KB - Virtual size: 68KB