bd6905072e375e67cca93931df76bf8ed80d263dddf5882ae773dadac9e2143d

Sharing

Copy URL

Twitter E-mail

General

Target

bd6905072e375e67cca93931df76bf8ed80d263dddf5882ae773dadac9e2143d
Size

1.1MB
MD5

a9d1edc433aabed02e95813accc0e47d
SHA1

713ffde3986705d73c23ae5d0becc03f9cb27ce3
SHA256

bd6905072e375e67cca93931df76bf8ed80d263dddf5882ae773dadac9e2143d
SHA512

d82eb596210ba74424baec48f7ffe95d9db15b34f693eb1363e77c9556f86edc1f3a7fcfe08cadc20b6405583f9e6471ac1b1ba6b0074671f91ac5d2fe7681fd
SSDEEP

24576:KUS9pBRfzPqTI6xF3ax/FLTMDzxQh/sLBnrB/W0KUo3Uh:KnpDekO5a5FLTMWwB/KUo3Uh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd6905072e375e67cca93931df76bf8ed80d263dddf5882ae773dadac9e2143d

Files

bd6905072e375e67cca93931df76bf8ed80d263dddf5882ae773dadac9e2143d
.exe windows:5 windows x86

d85be797aa0a8a20541a7d61eb6ec768

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
GetFullPathNameW
HeapAlloc
VirtualAlloc
HeapReAlloc
HeapSize
GetACP
IsValidCodePage
HeapCreate
HeapDestroy
VirtualFree
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
GlobalFindAtomA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetDriveTypeA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoA
InterlockedExchange
SetConsoleMode
ReadConsoleInputA
GlobalMemoryStatus
FlushConsoleInputBuffer
GetVersion
InterlockedCompareExchange
GetProcessHeap
GetLogicalDrives
GetComputerNameA
lstrcmpW
GlobalDeleteAtom
LCMapStringW
GetFileAttributesA
GlobalFlags
GlobalAddAtomA
SetEndOfFile
FlushFileBuffers
SetFilePointer
GetStringTypeExA
lstrcmpA
GlobalGetAtomNameA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetModuleHandleW
CompareStringA
FormatMessageA
lstrlenW
DeleteFileW
GetCurrentProcess
GetCurrentProcessId
CreateDirectoryW
SetUnhandledExceptionFilter
FindClose
FindNextFileW
FindFirstFileW
lstrcpyW
SetLastError
GetCurrentThreadId
CreateFileW
FindResourceW
GetModuleFileNameW
DeleteFileA
GetLocalTime
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LocalAlloc
LocalFree
SetCurrentDirectoryA
ExitProcess
GetVersionExA
CreateMutexA
Sleep
WriteFile
GetFileSize
ReadFile
MultiByteToWideChar
lstrlenA
WritePrivateProfileStringA
WideCharToMultiByte
FindResourceExA
LoadResource
LockResource
SizeofResource
GetPrivateProfileStringA
OpenEventA
WaitForSingleObject
GetLogicalDriveStringsA
CreateFileA
DeviceIoControl
CloseHandle
GetModuleFileNameA
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
GetPrivateProfileIntA
LCMapStringA

user32

MapWindowPoints
SetMenu
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SystemParametersInfoA
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
SetForegroundWindow
IsIconic
PostMessageA
SetWindowPos
SetWindowLongA
IsWindow
GetDlgItem
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
MessageBoxA
wsprintfW
GetFocus
GetDesktopWindow
ClientToScreen
GetMessagePos
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
GetWindowTextA
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetMessageTime
DestroyWindow
GetTopWindow
LoadStringA
GetProcessWindowStation
GetUserObjectInformationW
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
LoadCursorA
UnhookWindowsHookEx
EnableWindow
IsWindowEnabled
GetLastActivePopup
WinHelpA
LoadIconA
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
DestroyMenu
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetWindow
GetCapture
GrayStringA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetDeviceCaps

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegisterEventSourceA
DeregisterEventSource
ConvertStringSecurityDescriptorToSecurityDescriptorA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
ReportEventA

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize
StringFromGUID2

oleaut32

VariantInit
VariantTimeToSystemTime
VariantChangeType
VariantClear
SystemTimeToVariantTime
VarUdateFromDate

netcheckalarm

?CreateProxyProcess@@YAXAAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@00H@Z

rpcrt4

UuidCreate

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

WSACleanup
closesocket
htons
WSAGetLastError
connect
WSAStartup
getsockname
socket
inet_addr

oleacc

CreateStdAccessibleObject
LresultFromObject

iphlpapi

GetAdaptersInfo

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 864KB - Virtual size: 863KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d85be797aa0a8a20541a7d61eb6ec768

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

oleaut32

netcheckalarm

rpcrt4

version

ws2_32

oleacc

iphlpapi

dbghelp

Sections

.text Size: 864KB - Virtual size: 863KB

.rdata Size: 211KB - Virtual size: 210KB

.data Size: 17KB - Virtual size: 43KB

.rsrc Size: 52KB - Virtual size: 51KB

.text
Size: 864KB - Virtual size: 863KB

.rdata
Size: 211KB - Virtual size: 210KB

.data
Size: 17KB - Virtual size: 43KB

.rsrc
Size: 52KB - Virtual size: 51KB