bcefa9f449147383a7af69701c94f5fc

Sharing

Copy URL

Twitter E-mail

General

Target

bcefa9f449147383a7af69701c94f5fc
Size

2.3MB
MD5

bcefa9f449147383a7af69701c94f5fc
SHA1

30d857b7babc1da2c663034c393276a940df2ebe
SHA256

39d9c0de3117b7c40a61ca01e0a3f9144be9236e0918eae950121c13250b529e
SHA512

34e9e8f22db182505a6f1338403fe1b6d1c3a9bc54963fc3c799a03e73dbef98950bc314a236423bdfd61afeb959eb34aa904efa367639d74d00482ffcf8ce15
SSDEEP

49152:HhKuFUNe7igoCT4rjd+UYoARFiChl+pg/OtJAS5NjOE7fMXz6q0f:SGuFQo8FiChNOYqh7A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

bcefa9f449147383a7af69701c94f5fc

resource
bcefa9f449147383a7af69701c94f5fc

Files

bcefa9f449147383a7af69701c94f5fc
.dll regsvr32 windows:4 windows x86 arch:x86

0fd5c010fa6d2f30ac05bc19801dcb40

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

QueryServiceObjectSecurity
ChangeServiceConfigW
RevertToSelf
SetSecurityDescriptorOwner
OpenThreadToken
CreateProcessAsUserW
CreateServiceW
QueryServiceConfigW
DeleteService
RegOpenKeyW
OpenServiceW
CreateWellKnownSid
LookupAccountNameW
GetFileSecurityW
CloseServiceHandle
RegEnumKeyExW
GetServiceDisplayNameW
FreeSid
DuplicateTokenEx
SetThreadToken
GetSecurityDescriptorLength
CryptAcquireContextW
GetSecurityDescriptorControl
SetServiceObjectSecurity
ImpersonateLoggedOnUser
EnumDependentServicesW
BuildTrusteeWithSidW
SetEntriesInAclW
CryptCreateHash
StartServiceW
CryptHashData
AddAccessAllowedAce
CopySid
GetSecurityDescriptorGroup
SetFileSecurityW
GetLengthSid
MakeSelfRelativeSD
RegEnumValueA
RegEnumKeyW
InitializeAcl
RegQueryInfoKeyW
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
ControlService
ConvertSidToStringSidW
QueryServiceStatus
RegDeleteKeyW
RegisterEventSourceW
GetSidSubAuthorityCount
RegSetValueExA
RegSetValueExW
LookupPrivilegeValueW
GetSidLengthRequired
RegGetKeySecurity
DuplicateToken
RegEnumValueW
AllocateAndInitializeSid
GetSidSubAuthority
OpenProcessToken
AdjustTokenPrivileges
EqualSid
CryptGetHashParam
RegSetKeySecurity
DeregisterEventSource
SetTokenInformation
SetSecurityDescriptorGroup
PrivilegeCheck
OpenSCManagerW
GetAce
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
RegDeleteValueW
GetTokenInformation
ReportEventW
CryptDestroyHash
IsValidSecurityDescriptor
CryptReleaseContext
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
SetSecurityDescriptorDacl
GetUserNameW
RegEnumKeyExA

gdi32

SetBkColor
CreateSolidBrush
DeleteObject
GetDeviceCaps
SelectObject
SetTextColor
EnumFontFamiliesExW
GetTextFaceW
CreateFontIndirectW
AddFontResourceW
GetTextExtentPoint32W
RemoveFontResourceW
GetTextMetricsW
CreateFontW

kernel32

lstrlenW
ReadFile
VirtualProtect
GetCurrentDirectoryW
TerminateThread
CreateThread
DosDateTimeToFileTime
SetFileTime
FindClose
GetLastError
GetUserDefaultLangID
GlobalAlloc
LoadResource
SetEnvironmentVariableW
HeapFree
GetModuleHandleW
OutputDebugStringA
LoadLibraryW
MoveFileExW
GetTickCount
GlobalFree
FileTimeToLocalFileTime
CreateEventW
GetModuleFileNameA
LocalAlloc
GetACP
DeleteFileW
HeapAlloc
CloseHandle
ExitProcess
GetCurrentThread
GetDateFormatW
InitializeCriticalSection
ResumeThread
WaitForMultipleObjects
GetFileTime
FormatMessageW
CompareFileTime
DebugBreak
DeleteCriticalSection
ResetEvent
GlobalUnlock
ExitThread
FileTimeToDosDateTime
SetErrorMode
GetDriveTypeW
GetFileType
FlushFileBuffers
CreateFileW
GetLocaleInfoW
WriteFile
SetEvent
GetCurrentProcessId
OpenMutexW
TerminateProcess
OpenThread
GlobalReAlloc
MultiByteToWideChar
IsDebuggerPresent
UnhandledExceptionFilter
GlobalLock
VirtualAlloc
SizeofResource
SetLastError
QueryPerformanceFrequency
GetCurrentProcess
lstrlenA
GetEnvironmentVariableW
FindResourceExW
GetProfileStringW
SetFileAttributesW
RemoveDirectoryW
LocalFree
EnumResourceLanguagesW
GetComputerNameW
LockResource
ExpandEnvironmentStringsW
GetTimeFormatW
GetExitCodeProcess
GetDiskFreeSpaceExW
GetOverlappedResult
SearchPathW
SetUnhandledExceptionFilter
GetTempFileNameW
TlsGetValue
WriteProfileStringW
GetShortPathNameW
GetDiskFreeSpaceW
FindFirstFileW
GetModuleHandleExW
lstrcmpiA
WritePrivateProfileStringW
LocalFileTimeToFileTime
TlsAlloc
MoveFileW
GetNumberFormatW
GetProcessHeap
GetProcAddress
SetFilePointer
EnumResourceNamesW
EnterCriticalSection
GetExitCodeThread
FreeLibrary
GetVolumeInformationW
CompareStringW
WaitForSingleObject
Sleep
FindNextFileW
LeaveCriticalSection
FreeLibraryAndExitThread
lstrcmpW
CreateFileMappingW
CreateDirectoryW
GetSystemDefaultLangID
LoadLibraryExW
lstrcmpiW
GetUserDefaultUILanguage
GetFileAttributesW
CreateMutexW
GetModuleFileNameW
SystemTimeToFileTime
GetTempPathW
GetPrivateProfileStringW
UnmapViewOfFile
GetCurrentThreadId
MulDiv
OpenEventW
TlsSetValue
WideCharToMultiByte
HeapReAlloc
GetSystemInfo
VirtualFree
IsValidCodePage
MapViewOfFile
QueryPerformanceCounter
GetNativeSystemInfo
GetModuleHandleA
SetEndOfFile
GetFileSize
GetSystemDefaultUILanguage
GetLocalTime
ReleaseMutex
OpenProcess
GetVersionExW
FileTimeToSystemTime
OutputDebugStringW
GetSystemDirectoryW
CompareStringA
TlsFree

msvcrt

_itow
wcstoul
memmove
_XcptFilter
_wcsicmp
memset
_wcsnicmp
qsort
iswdigit
wcsncmp
bsearch
_vsnprintf
srand
wcstol
_vsnwprintf
memcpy
memcmp
wcsstr
_amsg_exit
_ui64tow
time
strtol
_unlock
rand
_CxxThrowException
isdigit
_wtoi64
towlower
_lock
__dllonexit
free
_initterm
_wtoi
malloc
_purecall
_onexit
wcschr

ntdll

RtlDestroyEnvironment
NtUnmapViewOfSection
NtQuerySystemInformation
RtlRandom
RtlRandomEx
RtlGetFullPathName_U
NtMapViewOfSection
RtlCreateEnvironment
NtQueryInformationProcess

ole32

HWND_UserFree
HWND_UserUnmarshal
PropVariantClear
CoTaskMemFree
CoTaskMemAlloc
IIDFromString
CoCreateGuid
HWND_UserMarshal
HWND_UserSize

rpcrt4

NdrDllRegisterProxy
RpcAsyncCompleteCall
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
NdrDllCanUnloadNow
IUnknown_QueryInterface_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerRelease
NdrDllGetClassObject
RpcBindingSetAuthInfoExW
NdrOleFree
RpcAsyncInitializeHandle
NdrClientCall2
RpcStringBindingComposeW
NdrDllUnregisterProxy
CStdStubBuffer_Connect
RpcAsyncCancelCall
CStdStubBuffer_Disconnect
RpcStringFreeW
NdrCStdStubBuffer_Release
RpcBindingFromStringBindingW
IUnknown_Release_Proxy
NdrAsyncClientCall
NdrOleAllocate
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Invoke
I_RpcExceptionFilter
RpcBindingFree

shell32

CommandLineToArgvW

user32

MapWindowPoints
GetDC
DialogBoxParamW
IsWindowVisible
SetWindowLongW
GetUserObjectInformationW
IsDialogMessageW
PostMessageW
PostThreadMessageW
GetWindow
GetSysColor
CharNextA
ShowWindow
SetDlgItemTextW
MoveWindow
CharUpperBuffW
DefWindowProcW
InvalidateRect
IsCharLowerW
RemoveMenu
SetForegroundWindow
GetSystemMenu
EnableWindow
RegisterWindowMessageW
GetClientRect
GetWindowRect
SetWindowPos
DestroyWindow
GetDlgItemTextW
GetProcessWindowStation
RegisterClassW
GetSystemMetrics
EnumWindows
MessageBoxW
PostQuitMessage
DispatchMessageW
GetWindowThreadProcessId
UnregisterClassW
CharPrevW
ReleaseDC
ExitWindowsEx
SetFocus
LoadStringW
TranslateMessage
MsgWaitForMultipleObjects
GetWindowTextW
CharNextW
CreateDialogParamW
SetCursor
CharLowerW
EndDialog
GetActiveWindow
SetWindowTextW
SendMessageTimeoutW
GetWindowTextLengthW
EnableMenuItem
GetWindowLongW
SetUserObjectSecurity
SendDlgItemMessageW
SystemParametersInfoW
DrawTextW
GetFocus
LoadIconW
IsWindowEnabled
CharUpperW
LoadCursorW
CopyRect
SendMessageW
CreateWindowExW

Exports

Exports

DllGetClassObject
DllCanUnloadNow
DllUnregisterServer
DllRegisterServer

Sections

.text
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 27KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 714KB - Virtual size: 713KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fd5c010fa6d2f30ac05bc19801dcb40

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

ntdll

ole32

rpcrt4

shell32

user32

Exports

Exports

Sections

.text Size: 269KB - Virtual size: 268KB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 27KB - Virtual size: 38KB

.rsrc Size: 714KB - Virtual size: 713KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 269KB - Virtual size: 268KB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 27KB - Virtual size: 38KB

.rsrc
Size: 714KB - Virtual size: 713KB

.reloc
Size: 9KB - Virtual size: 8KB