Static task: static1
Behavioral task: behavioral1 (Sample: bootcfg.exe, Resource: win7-20231023-en)
Behavioral task: behavioral2 (Sample: bootcfg.exe, Resource: win10v2004-20231020-en)
General
Target: bootcfg.exe
Size: 85KB
MD5: 733b68be10125275664761c421711334
SHA1: 43bda398e0a6579cfab22e61d3ae3dab0c110193
SHA256: eca71e18ba0112e834afa9ab087a3ef25431d720b3499eb790d069ebfc5138df
SHA512: 9cf9981c382a81485ea85b6f1e93118e4db8ffea3dd1bda3047bb8294b20343e07ae2209149b9b8e443076d8d8e16b16c9a24844c663191b33ebbdec459f1584
SSDEEP: 1536:IxYILbDSbTjQO6MfyClGk2edS6nESsKetHWzaF5GE6nIYluCfhzL+e6LeNOKO0xK:KsTjQO5Zlx2edS6ESsKeAU5NgTjJ+3k0
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: bootcfg.exe
Files
bootcfg.exe.exe windows:6 windows x64
32f05ff4bbc9fa784b970911d0c29527
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
RegQueryValueExW
RegConnectRegistryW
RegOpenKeyExW
RegCloseKey
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
kernel32
WritePrivateProfileSectionW
CreateFileW
WritePrivateProfileStringW
GetLastError
SetLastError
HeapSetInformation
CloseHandle
GetPrivateProfileSectionW
SetFileAttributesW
GetModuleFileNameW
GetTimeFormatW
GetComputerNameExW
FileTimeToSystemTime
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ReadConsoleW
ReadFile
SetConsoleMode
MultiByteToWideChar
GetConsoleOutputCP
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
GetFileAttributesW
GetStdHandle
GetConsoleMode
GetFileType
WideCharToMultiByte
VerSetConditionMask
LocalFree
FormatMessageW
SetThreadUILanguage
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetFileSize
GetPrivateProfileStringW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
lstrlenA
msvcrt
fflush
fprintf
_get_osfhandle
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
fclose
_ltow
wcstok
_itow
_vsnwprintf
wcsstr
wcsrchr
_wfopen
__iob_func
_wchmod
wcsncpy_s
wcschr
_memicmp
_errno
wcstod
wcstol
wcstoul
_fileno
memset
ntdll
RtlVirtualUnwind
RtlVerifyVersionInfo
RtlLookupFunctionEntry
RtlCaptureContext
user32
LoadStringW
CharLowerW
CharUpperW
mpr
WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW
netapi32
NetServerGetInfo
NetApiBufferFree
ws2_32
WSAStartup
WSACleanup
GetNameInfoW
FreeAddrInfoW
GetAddrInfoW
WSAGetLastError
secur32
GetUserNameExW
shlwapi
StrChrW
StrRChrW
StrCmpNW
StrStrIW
StrStrW
StrChrIW
version
GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW
Sections
.text Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
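The Headers, Signatures and Sections blocks above are all read straight out of the PE header. The following Python is an added example, not part of the sandbox report or of bootcfg.exe, that decodes those same fields: machine type, file and DLL characteristics (with the mitigation flags a current x64 binary is expected to carry), the IMAGE_DIRECTORY_ENTRY_SECURITY entry whose emptiness is what an "Unsigned PE" check keys on, and per-section permissions, flagging any section that is both writable and executable. `build_header` constructs a bare PE32+ header offline; its defaults reproduce the flag values this report shows (DllCharacteristics 0xC160, file characteristics 0x0022), while the 0x400 certificate offset and the security-directory sizes used in testing are made up. Run `analyze_pe(open("bootcfg.exe", "rb").read())` on a real file.

```python
"""Decode the PE header facts a triage report lists: machine, file and DLL
characteristics, section permissions, and whether an Authenticode blob is embedded."""
import struct

MACHINES = {0x014C: "i386", 0x8664: "x64", 0xAA64: "arm64"}
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
# ASLR, DEP, CFG and high-entropy ASLR: what a current x64 user-mode binary should opt into.
EXPECTED_MITIGATIONS = (0x0040, 0x0100, 0x4000, 0x0020)
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def _names(table, value):
    return [name for bit, name in sorted(table.items()) if value & bit]


def analyze_pe(data):
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:                                    # PE32+
        ndirs_off, dirs_off = 108, 112
    elif magic == 0x10B:                                  # PE32
        ndirs_off, dirs_off = 92, 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Security entry: (file offset, size) of the WIN_CERTIFICATE blob; size 0 = no embedded signature.
        _, sec_size = struct.unpack_from("<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size                                # IMAGE_SECTION_HEADER array, 40 bytes each
    for i in range(nsections):
        off = table + 40 * i
        name, vsize, _, rawsize = struct.unpack_from("<8sIII", data, off)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "flags": _names(SECTION_FLAGS, flags),
            # W+X sections are the usual packer / self-modifying-code tell.
            "writable_and_executable": bool(flags & 0x80000000) and bool(flags & 0x20000000),
        })
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "file_characteristics": _names(FILE_CHARACTERISTICS, file_chars),
        "dll_characteristics": _names(DLL_CHARACTERISTICS, dll_chars),
        "missing_mitigations": [DLL_CHARACTERISTICS[b] for b in EXPECTED_MITIGATIONS if not dll_chars & b],
        "authenticode_embedded": sec_size > 0,
        "sections": sections,
    }


def build_header(machine=0x8664, file_chars=0x0022, dll_chars=0xC160, security_size=0, sections=()):
    """Constructed bare PE32+ header (no section bodies) for offline testing. Defaults mirror
    this report: EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE and HIGH_ENTROPY_VA|DYNAMIC_BASE|
    NX_COMPAT|GUARD_CF|TERMINAL_SERVER_AWARE. The 0x400 certificate offset is made up."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", machine, len(sections), 0, 0, 0, 240, file_chars)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x400 if security_size else 0, security_size)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0, rs, 0, 0, 0, 0, 0, fl)
                     for n, vs, rs, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
```

Two caveats when reading the "Unsigned PE" result. An empty security directory only says no signature is embedded in the file; it does not validate anything, and a non-empty one still needs WinVerifyTrust (or Get-AuthenticodeSignature on a Windows host) to check the chain. More importantly, Windows ships most of its own binaries catalog-signed rather than embedded-signed, so a System32 tool with an empty security directory is the normal case, not evidence of tampering; the right check for an OS binary is against the catalog store, and the right check for a suspected lookalike is the hash list in the General block against a known-good copy.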