bc5c9c8d203518b23c9cd6f503efdabc11dc45c9c1494f4eb7ea5fce375cdf72

Sharing

Copy URL Twitter E-mail

General

Target

bc5c9c8d203518b23c9cd6f503efdabc11dc45c9c1494f4eb7ea5fce375cdf72
Size

12.7MB
MD5

29a62c80801a1cb8f24c274a0bc4c133
SHA1

ae94c8510c8a17b63c9ee5b4723570d50bfb55d8
SHA256

bc5c9c8d203518b23c9cd6f503efdabc11dc45c9c1494f4eb7ea5fce375cdf72
SHA512

2f2ea88274c62f785f3328d80e6bf0ff74a5fba8ecbfc6e6041ed468716ff6938a43ca48c342f461d4386eb5b74eed0f26fa1ef5a8747aa4b1119c81467807f0
SSDEEP

393216:zkP7xGblmPpwlh1k+EXRsvzCkH5f/Z0Gu8:Q9GblmiC+ERsWktSf8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc5c9c8d203518b23c9cd6f503efdabc11dc45c9c1494f4eb7ea5fce375cdf72

Files

bc5c9c8d203518b23c9cd6f503efdabc11dc45c9c1494f4eb7ea5fce375cdf72
.exe windows:5 windows x86

2f619a91e356a102f8ae483a843b392e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToSystemTime
FileTimeToDosDateTime
GetFileSize
GetLocalTime
GetSystemTime
GetFileInformationByHandle
CreateFileMappingW
MapViewOfFile
SetFileTime
DosDateTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
ReadFile
DuplicateHandle
GetFileType
SetFilePointer
WriteFile
MoveFileExW
OpenProcess
TerminateProcess
GetLastError
CreateEventW
WaitForMultipleObjects
ResetEvent
SetEvent
WaitForSingleObject
GetCurrentProcessId
DeviceIoControl
CreateFileW
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
GetDiskFreeSpaceExW
SetLastError
WideCharToMultiByte
FindFirstFileA
FindNextFileA
FindFirstFileW
FindNextFileW
FindClose
lstrlenA
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
InterlockedCompareExchange
Sleep
GetShortPathNameW
CreateProcessW
SetPriorityClass
ResumeThread
GetVersionExW
GetSystemDirectoryW
LoadLibraryW
LoadLibraryExW
FreeResource
FreeLibrary
GetSystemWindowsDirectoryW
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
InterlockedExchange
EnterCriticalSection
GetModuleHandleW
GetProcAddress
GetCurrentProcess
CloseHandle
GetCommandLineW
CreateDirectoryW
GetModuleFileNameW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
LCMapStringA
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
LCMapStringW
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
FatalAppExitA
VirtualFree
SizeofResource
HeapCreate
GetModuleFileNameA
GetStdHandle
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
UnmapViewOfFile
SetCurrentDirectoryW
GetTickCount
MulDiv
OutputDebugStringW
ExitProcess
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateFileA
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
CreateMutexW
TlsGetValue
TlsSetValue
HeapUnlock
OpenThread
HeapLock
HeapWalk
GetCurrentThreadId
ReleaseMutex
TlsAlloc
TlsFree
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetCommandLineA
GetStartupInfoA
DeleteFileA

user32

SetWindowPos
ScreenToClient
MessageBoxW
ShowWindow
RegisterClassW
SetWindowLongW
PostMessageW
DestroyWindow
GetParent
GetWindowRect
wsprintfW
OffsetRect
InflateRect
UnionRect
DefWindowProcW
SystemParametersInfoW
LoadImageW
GetSystemMetrics
RemovePropW
CallWindowProcW
GetPropW
SetPropW
AdjustWindowRectEx
GetMenu
SetCursor
LoadCursorW
wvsprintfW
GetWindowLongW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetKeyState
GetDC
InvalidateRect
SetTimer
KillTimer
SetCapture
ReleaseCapture
PtInRect
ReleaseDC
GetFocus
GetCapture
MapWindowPoints
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetCursorPos
CharNextW
IntersectRect
FillRect
DrawTextW
CharPrevW
SetRect
GetWindowTextW
GetWindowTextLengthW
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
GetMonitorInfoW
MonitorFromWindow
InvalidateRgn
CreateAcceleratorTableW
MoveWindow
GetWindowRgn
IsWindowVisible
IsZoomed
IsIconic
FindWindowW
LoadStringW
SetWindowTextW
SendMessageW
GetWindow
EnableWindow
IsWindow
GetMessageW
SetFocus
TranslateMessage
DispatchMessageW
PostQuitMessage
GetClientRect

gdi32

RoundRect
GetTextExtentPoint32W
SetBkMode
GetCharABCWidthsW
SetTextColor
TextOutW
GdiFlush
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
CreateRectRgn
PtInRegion
DeleteObject
GetTextMetricsW
CreateFontIndirectW
GetObjectW
GetStockObject
CreatePen
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
CreateCompatibleBitmap
GetDeviceCaps
SelectClipRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
CombineRgn
CreateRoundRectRgn
StretchBlt
SetStretchBltMode
ExtTextOutW
SetBkColor
CreateSolidBrush
LineTo
MoveToEx

advapi32

QueryServiceStatusEx
RegSetValueExW
RegOpenKeyExW
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegCloseKey
ControlService
RegOpenKeyW
RegDeleteValueW
RegEnumKeyExA
RegQueryInfoKeyA

shell32

ord21
SHParseDisplayName
SHGetFileInfoW
SHGetDesktopFolder
SHBindToParent
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHGetPathFromIDListW
ord165
SHBrowseForFolderW
SHGetFolderLocation
ord680
ord23

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx
OleInitialize
OleUninitialize
CoUninitialize
OleLockRunning
CLSIDFromProgID
CLSIDFromString

oleaut32

SysFreeString

shlwapi

StrRetToStrW
SHDeleteKeyW
PathFileExistsW
PathAppendW
PathCombineW
StrCmpIW
StrStrIW
PathFileExistsA
SHGetValueA
PathCombineA
PathAppendA
PathRemoveFileSpecW
SHGetValueW
PathIsDirectoryW
StrCmpNIW
PathRemoveBackslashW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

comctl32

ord17
_TrackMouseEvent

Sections

.text
Size: 677KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.8MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f619a91e356a102f8ae483a843b392e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

version

wintrust

crypt32

comctl32

Sections

.text Size: 677KB - Virtual size: 676KB

.rdata Size: 158KB - Virtual size: 158KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 11.8MB - Virtual size: 11.8MB

.reloc Size: 59KB - Virtual size: 59KB

.text
Size: 677KB - Virtual size: 676KB

.rdata
Size: 158KB - Virtual size: 158KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 11.8MB - Virtual size: 11.8MB

.reloc
Size: 59KB - Virtual size: 59KB