bf91bf081b1be3ac5dbbe5a162c9c6a1bb2c223057b195d3ea9ceeb1ca5413ab

Sharing

Copy URL Twitter E-mail

General

Target

bf91bf081b1be3ac5dbbe5a162c9c6a1bb2c223057b195d3ea9ceeb1ca5413ab
Size

218KB
MD5

9a5024552df02889636982b8e82f176a
SHA1

28687facada3cf4a10228902563d27318e6d2b26
SHA256

bf91bf081b1be3ac5dbbe5a162c9c6a1bb2c223057b195d3ea9ceeb1ca5413ab
SHA512

2790b0f679d6aa482b116c8a92e0f75ce23ef8f6842a5d6617b0fb436a4283f3e09cf4cb7121bd23a28777e6b07bd39ec9cc6f0412f1643e8ef02792b767ed7a
SSDEEP

6144:piONmNICShFuRVdd/Al+5ehke/dngNSbKk+L:b1hmdd/Al+5kp5gNT5L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf91bf081b1be3ac5dbbe5a162c9c6a1bb2c223057b195d3ea9ceeb1ca5413ab

Files

bf91bf081b1be3ac5dbbe5a162c9c6a1bb2c223057b195d3ea9ceeb1ca5413ab
.exe windows:4 windows x86

f41ff8566ea09d13f04e5d3309d52725

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DdeInitializeA
OpenInputDesktop
DdeUnaccessData
ClipCursor
GetKBCodePage
GetThreadDesktop
GetMenuItemInfoA
GetOpenClipboardWindow
GetClipboardOwner
GetMenuItemInfoW
CharLowerBuffA
LoadMenuA
GetClassNameA
RegisterClassA
GetMenu
SetCursor
SetForegroundWindow
ClientToScreen
GetKeyState
DrawTextA
CreateIconIndirect
GetCursorPos
GetWindowTextLengthA
MessageBoxW
DialogBoxParamA
SetCaretPos
DdeFreeDataHandle
AdjustWindowRect
GetMenuState
LoadImageA
DispatchMessageA
DefDlgProcA
TranslateAcceleratorA
SetScrollRange
FrameRect
GetNextDlgGroupItem
SetDlgItemInt
GetDCEx
GetWindowRect
SystemParametersInfoA
SetClassLongA
SetWindowLongA
InvalidateRgn
GetMessagePos
InvalidateRect
IsDialogMessageA
SetTimer
TrackPopupMenuEx
TrackPopupMenu
DrawIcon
ReleaseDC
MoveWindow
LoadCursorW
wvsprintfA
LoadStringW
MapDialogRect
EnableMenuItem
CharLowerW

msvcrt

__p__commode
exit
_osver
exit
_acmdln
_controlfp
_searchenv
__getmainargs
__p__fmode
__set_app_type
_adjust_fdiv
__setusermatherr
_initterm

shell32

SHBrowseForFolderA
ord179
ExtractAssociatedIconW
DragQueryPoint
ExtractAssociatedIconA
SHGetSpecialFolderLocation
SHAppBarMessage
Shell_NotifyIconA

gdi32

GetTextFaceW
CreateDIBitmap
CreateMetaFileA
GetCharacterPlacementW
RectInRegion
EnumFontFamiliesW
SetWinMetaFileBits
GetCharABCWidthsFloatW
GetTextMetricsA
PolyPolygon
CloseMetaFile
SetWindowExtEx
ExtCreatePen
EnumFontFamiliesExA
GetArcDirection
EqualRgn
GetWindowOrgEx
CreateHatchBrush
GetTextFaceA
RestoreDC
GetCharABCWidthsW
CreateBrushIndirect
GetTextExtentPointA
FrameRgn
SelectObject
StartDocW
SetBrushOrgEx
GetROP2
GetBitmapBits
DPtoLP
GetTextCharsetInfo
TextOutW
AngleArc
GetPixelFormat
ExtCreateRegion
PaintRgn
GetClipBox
SetBkColor
GetOutlineTextMetricsA
GetCharWidthW
GetDCOrgEx
SetGraphicsMode
CreateHalftonePalette
AddFontResourceA
DeleteMetaFile
SetPixel
PlayEnhMetaFileRecord
GetGlyphOutlineA
GetClipRgn
CreatePalette
SetMapperFlags
DeleteEnhMetaFile
SetRectRgn
SelectClipPath
GetSystemPaletteEntries
DeleteObject
CreateDCA
CreateBitmapIndirect
GdiFlush
CopyMetaFileA
GetPaletteEntries
GetGraphicsMode
FillPath
PtInRegion
CloseEnhMetaFile
GetCurrentObject
PolyPolyline
CreateCompatibleBitmap
GetICMProfileW
GetEnhMetaFileDescriptionW
GetGlyphOutlineW
CreateScalableFontResourceA
DescribePixelFormat
GetTextExtentExPointA
SelectClipRgn
SetPaletteEntries
GetEnhMetaFileBits
GetTextExtentPoint32A
RemoveFontResourceW
SetTextColor
SetSystemPaletteUse
GetStockObject
CreateICW
Pie
GetStretchBltMode
GetObjectA
CopyMetaFileW
CreateDCW
CreateFontIndirectA
Polygon
IntersectClipRect
CopyEnhMetaFileA
SetMapMode
SetViewportOrgEx
GetPixel
CreateEnhMetaFileA
SetStretchBltMode
GetDeviceCaps
GdiComment
SelectPalette
SetPixelV
GetMapMode
PathToRegion
CreateDIBPatternBrush
BeginPath
CreateSolidBrush
EndDoc
SwapBuffers
SetAbortProc
GetMetaFileBitsEx
StrokeAndFillPath
BitBlt
GetPath
GetWindowExtEx
GetViewportOrgEx
CreateMetaFileW
CreateEllipticRgnIndirect
SetPixelFormat
SetPolyFillMode

kernel32

_lwrite
_lwrite
GetDefaultCommConfigW

wininet

InternetLockRequestFile
FindFirstUrlCacheEntryExA
InternetReadFileExA
HttpSendRequestExW
InternetConfirmZoneCrossing
RetrieveUrlCacheEntryStreamA
InternetCreateUrlA
RetrieveUrlCacheEntryFileA
FtpOpenFileW
InternetSetOptionW
GopherCreateLocatorA
FindCloseUrlCache
UnlockUrlCacheEntryStream
InternetSetFilePointer
CommitUrlCacheEntryW
InternetGetLastResponseInfoA
InternetFindNextFileW
InternetCombineUrlA
GopherGetAttributeA
GopherOpenFileA
InternetOpenUrlA
FtpRenameFileA
HttpSendRequestExA
InternetSetOptionExW
InternetReadFile
InternetConnectA
SetUrlCacheEntryInfoA
InternetAttemptConnect
FtpGetCurrentDirectoryW
HttpAddRequestHeadersW
GetUrlCacheEntryInfoExA
InternetQueryOptionW
FindNextUrlCacheEntryW
FindNextUrlCacheEntryExW
CreateUrlCacheGroup
FtpDeleteFileW
InternetAutodial
CreateUrlCacheEntryW
RetrieveUrlCacheEntryFileW
InternetGetConnectedState
InternetHangUp
InternetTimeFromSystemTime
FtpGetFileA
InternetCanonicalizeUrlW
InternetCheckConnectionW
GopherFindFirstFileW
FtpRenameFileW
ReadUrlCacheEntryStream
HttpQueryInfoW
SetUrlCacheEntryGroup
InternetUnlockRequestFile
InternetReadFileExW
GetUrlCacheEntryInfoA
GopherOpenFileW
FtpOpenFileA
CreateUrlCacheEntryA
HttpEndRequestW
InternetErrorDlg
FindNextUrlCacheEntryA
FtpPutFileW
InternetWriteFile
InternetCreateUrlW
HttpOpenRequestA
CommitUrlCacheEntryA
FtpCreateDirectoryW
InternetFindNextFileA
InternetOpenW
InternetQueryDataAvailable
HttpSendRequestW
HttpEndRequestA
InternetSetOptionA

advapi32

LsaEnumerateTrustedDomains
LsaLookupSids
QueryServiceObjectSecurity
ControlService
RegSetValueExA
RegCreateKeyExA
ReportEventA
RegCreateKeyW
RegLoadKeyW
ChangeServiceConfigW
StartServiceCtrlDispatcherW
DecryptFileW
OpenServiceA
RegConnectRegistryW
RegEnumValueA
InitiateSystemShutdownW
StartServiceA
RegQueryValueW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegQueryValueExA
RegRestoreKeyW
QueryServiceStatus
RegSetValueExW
RegOpenKeyExW
RegSetValueA
CloseServiceHandle
RegReplaceKeyW

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f41ff8566ea09d13f04e5d3309d52725

Headers

File Characteristics

Imports

user32

msvcrt

shell32

gdi32

kernel32

wininet

advapi32

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 150KB

.rsrc Size: 144KB - Virtual size: 143KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 150KB

.rsrc
Size: 144KB - Virtual size: 143KB