bf55e9924effb7fe09531ca4ff91c056016125d18845a53333718abc7406393c

Sharing

Copy URL Twitter E-mail

General

Target

bf55e9924effb7fe09531ca4ff91c056016125d18845a53333718abc7406393c
Size

15.6MB
MD5

e767286b6fbc41b2ade9698a9e467c80
SHA1

3373bf3323beae34ba9f2810824891f97758bd8a
SHA256

bf55e9924effb7fe09531ca4ff91c056016125d18845a53333718abc7406393c
SHA512

6cd1ed6dbb53b16b29b3a7105d4a4fabd7b11bb33900e443ed885c377ffaaf91ba3d26805430ecd3b8f4982ac3691615eb86ef3bd545a2dfeb0ca03d24bf1947
SSDEEP

393216:7WSbLiAUjsgdAJmdJOebLo6qk1qGxUCZxBgHnxbt/w:TysgdAJIJOeZjSHFt/w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf55e9924effb7fe09531ca4ff91c056016125d18845a53333718abc7406393c

Files

bf55e9924effb7fe09531ca4ff91c056016125d18845a53333718abc7406393c
.exe windows:6 windows x64

858bcab0c83cc3bf4a521f15863bd491

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

tesseract41

?Init@TessBaseAPI@tesseract@@QEAAHPEBD0W4OcrEngineMode@2@PEAPEADHPEBV?$GenericVector@VSTRING@@@@3_N@Z
?SetVariable@TessBaseAPI@tesseract@@QEAA_NPEBD0@Z
??0TessBaseAPI@tesseract@@QEAA@XZ
?Recognize@TessBaseAPI@tesseract@@QEAAHPEAVETEXT_DESC@@@Z
?MeanTextConf@TessBaseAPI@tesseract@@QEAAHXZ
?GetUTF8Text@TessBaseAPI@tesseract@@QEAAPEADXZ
?SetImage@TessBaseAPI@tesseract@@QEAAXPEBEHHHH@Z

mfc140u

kernel32

GetCurrentProcess
GetCurrentProcessId
WriteProcessMemory
TerminateProcess
GetProcessId
CreateToolhelp32Snapshot
GetExitCodeThread
Sleep
DeleteFileA
DeleteFileW
GetNativeSystemInfo
Module32FirstW
VirtualAllocEx
GetModuleHandleW
CreateRemoteThread
Module32NextW
VirtualFreeEx
GetTickCount
CreateEventW
SetEvent
ResetEvent
GetSystemDefaultLangID
GetCommandLineW
WinExec
ReadFile
CreatePipe
GetStartupInfoA
CreateProcessA
GetCurrentThread
SetUnhandledExceptionFilter
GetVersionExW
CreateThread
GlobalAlloc
GetTempPathA
QueryPerformanceCounter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileA
GlobalUnlock
LockFileEx
UnlockFileEx
FindClose
FindFirstFileExA
FindNextFileA
GetModuleHandleA
LoadLibraryA
ExitProcess
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetTickCount64
MultiByteToWideChar
ReleaseMutex
WaitForSingleObject
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
LocalFree
FreeLibrary
ReadProcessMemory
GetThreadId
GetProcAddress
GetThreadContext
LoadLibraryW
CloseHandle
GetVersionExA
ResumeThread
GetCurrentDirectoryA
SuspendThread
GetCurrentThreadId
GetFileAttributesW
GetEnvironmentVariableA
GetFileAttributesExA
GlobalLock
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetEnvironmentVariableW
OutputDebugStringA
RtlCaptureContext
SetLastError
GetModuleFileNameA
GetPrivateProfileStringA
WideCharToMultiByte
WritePrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
VirtualQuery
DeleteCriticalSection
GetLastError
InitializeCriticalSectionEx
InitializeCriticalSection
OpenProcess
GetModuleFileNameW
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

RedrawWindow
MoveWindow
TabbedTextOutW
SetWindowLongW
MessageBoxW
PostMessageW
GetWindow
GetDC
GetClassNameW
ReleaseDC
GetSystemMetrics
UpdateWindow
GetClientRect
IsIconic
EnumChildWindows
GetDesktopWindow
GetSubMenu
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
GetWindowRect
SendMessageW
EnableWindow
GetWindowThreadProcessId
LoadIconW
SetTimer
GetCursorPos
EnableMenuItem
KillTimer
AppendMenuW
CreatePopupMenu
GetWindowLongW
ShowWindow
GetMessagePos
GetClassNameA
LoadMenuW
InvalidateRect
GetFocus
DrawTextW
DrawTextExW
GetSysColor
IsWindow
DrawIcon
GrayStringW
SetParent
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetTextMetricsW
GetObjectW
GetDeviceCaps
GetStockObject
ExtTextOutW
PtVisible
Escape
TextOutW
CreateRectRgn
RectVisible
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

advapi32

RegCloseKey
RegOpenKeyExA
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameA
RegQueryValueExA
OpenProcessToken

shell32

ShellExecuteA
SHGetFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsA
PathFileExistsW

oleaut32

ws2_32

msvcp140

?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uncaught_exception@std@@YA_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?pubsetbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAPEAV12@PEAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z
??1ios_base@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ

version

GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeA

iphlpapi

GetAdaptersInfo

concrt140

?_UnderlyingYield@details@Concurrency@@YAXXZ
?PPLParallelForEventGuid@Concurrency@@3U_GUID@@B
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ
?_Trace_ppl_function@Concurrency@@YAXAEBU_GUID@@EW4ConcRT_EventType@1@@Z
?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QEAA_NXZ
??1_Cancellation_beacon@details@Concurrency@@QEAA@XZ
??0_Cancellation_beacon@details@Concurrency@@QEAA@XZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z
??1_StructuredTaskCollection@details@Concurrency@@QEAA@XZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IEAAXXZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?Free@Concurrency@@YAXPEAX@Z
?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QEBA_NXZ
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?Get@CurrentScheduler@Concurrency@@SAPEAVScheduler@2@XZ

vcruntime140

memset
longjmp
memmove
__RTDynamicCast
memcpy
strstr
memchr
strrchr
__std_exception_destroy
_purecall
wcsrchr
__std_terminate
__C_specific_handler
__CxxFrameHandler3
strchr
memcmp
_CxxThrowException
__intrinsic_setjmp
__std_exception_copy

api-ms-win-crt-stdio-l1-1-0

_open
_close
_lseeki64
_wopen
_write
rewind
feof
fgets
fputs
_read
__p__commode
ungetc
setvbuf
_fseeki64
fsetpos
fputc
fopen
fgetpos
fgetc
_get_stream_buffer_pointers
__stdio_common_vfprintf
fflush
__acrt_iob_func
fwrite
_set_fmode
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
_wfopen_s
fread
_wfopen
__stdio_common_vswprintf
fseek
fclose
ftell

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo_noreturn
abort
set_terminate
strerror
_seh_filter_exe
_set_app_type
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initialize_wide_environment
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_invalid_parameter_noinfo

api-ms-win-crt-string-l1-1-0

_stricmp
isxdigit
toupper
strnlen
strncmp
isdigit
strcmp
tolower
wcsncpy
strncpy
strcat_s
_strdup
wcscat_s
strncpy_s
_wcsicmp

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
strtod
_strtoui64
atoi
_wtoi
_itow
wcstombs
_strtoi64

api-ms-win-crt-time-l1-1-0

wcsftime
_time64
_localtime64_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
logf
expf
pow
atan2f
atan2
sqrtf
sqrt
log
exp
cos
_isnan
round
floor
atan
sin

api-ms-win-crt-utility-l1-1-0

ldiv
rand
srand

api-ms-win-crt-filesystem-l1-1-0

_unlink
_mkdir
_lock_file
remove
_unlock_file
_rmdir

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 776KB - Virtual size: 776KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

858bcab0c83cc3bf4a521f15863bd491

Headers

DLL Characteristics

File Characteristics

Imports

tesseract41

mfc140u

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

oleaut32

ws2_32

msvcp140

version

iphlpapi

concrt140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 776KB - Virtual size: 776KB

.pdata Size: 132KB - Virtual size: 132KB

_RDATA Size: 48KB - Virtual size: 48KB

.vmp0 Size: 3.2MB - Virtual size: 3.2MB

.vmp1 Size: 6.4MB - Virtual size: 6.4MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 6KB

.l1 Size: 41KB - Virtual size: 41KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 776KB - Virtual size: 776KB

.pdata
Size: 132KB - Virtual size: 132KB

_RDATA
Size: 48KB - Virtual size: 48KB

.vmp0
Size: 3.2MB - Virtual size: 3.2MB

.vmp1
Size: 6.4MB - Virtual size: 6.4MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 6KB

.l1
Size: 41KB - Virtual size: 41KB