Static task: static1
Behavioral task: behavioral1
  Sample: bf0baeedce73785238ace59df3906e68.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: bf0baeedce73785238ace59df3906e68.exe
  Resource: win10v2004-20231215-en
General
Target: bf0baeedce73785238ace59df3906e68
Size: 1.8MB
MD5: bf0baeedce73785238ace59df3906e68
SHA1: a7e1a1611189c200c86ef6fcf174beafe2b783bc
SHA256: ec6d01f6c374e83112445655eb88af26a9ec92ff701673c7c42ff5735777a3d2
SHA512: 6e711e45b33c9ebe17e0ed6afad8eaf9db530e64313c17d91dc0457fbda44de3ef8603203ddfe2cece4109d00cbd65e3233ec77c8387ca024fabf9cb4e3e854a
SSDEEP: 49152:vhtORUwc166NlRq7vLSUtwtkwvbF6CWroWFeZkP9aiK+d:vhtORUB166NHq7vLZcpDF6CWBFeZkP9t
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource bf0baeedce73785238ace59df3906e68
Files
bf0baeedce73785238ace59df3906e68.exe  windows:5  windows x86  arch:x86
0b6ce52b13559fc7fd638da8d5c538c2
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
TraceMessage
RegCloseKey
TraceEvent
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
DuplicateEncryptionInfoFile
RegCreateKeyW
RegDeleteValueW
RegDeleteKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32
FreeLibrary
FindFirstFileExW
CompareFileTime
GetStringTypeExW
RaiseException
LocalAlloc
lstrlenW
GetUserDefaultUILanguage
LoadLibraryW
GetPrivateProfileSectionNamesW
WritePrivateProfileSectionW
GetPrivateProfileStringW
WritePrivateProfileStringW
WriteFile
CreateFileW
CreateDirectoryW
SetFileAttributesW
GetFileAttributesExW
GetLocalTime
HeapAlloc
GetProcessHeap
FormatMessageW
HeapFree
ExpandEnvironmentStringsW
GetLongPathNameW
GetTimeFormatW
GetDateFormatW
FileTimeToLocalFileTime
GetTempFileNameW
FileTimeToSystemTime
GetCalendarInfoW
GetDriveTypeW
GetFullPathNameW
GlobalReAlloc
Sleep
CloseHandle
WaitForSingleObject
CreateThread
CreateEventW
WaitForMultipleObjects
SetEvent
LocalFileTimeToFileTime
GetModuleFileNameW
LockResource
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetUserDefaultLCID
GetNumberFormatW
GetLocaleInfoW
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
SizeofResource
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
lstrcmpW
SystemTimeToFileTime
GetSystemTime
GlobalFree
GetModuleHandleExW
GetComputerNameW
SetLastError
LoadResource
FindResourceW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
CopyFileW
SetCurrentDirectoryW
RegisterApplicationRestart
HeapSetInformation
GetCurrentThreadId
CompareStringW
GetLastError
MulDiv
lstrcmpiW
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
GetTempPathW
GetFileAttributesW
DeleteFileW
GetSystemDirectoryW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
LocalFree
GetProcAddress
LoadLibraryExA
gdi32
GetStockObject
CreateRectRgnIndirect
DeleteObject
SetBkMode
SetBkColor
SetTextColor
LineTo
MoveToEx
CreateSolidBrush
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
SelectObject
CreatePen
BitBlt
GetObjectW
DeleteEnhMetaFile
CopyEnhMetaFileW
GetObjectA
FillRgn
CombineRgn
RestoreDC
SaveDC
SetLayout
PatBlt
GetDIBits
SelectPalette
Polygon
SetDCPenColor
GetTextExtentPoint32W
MaskBlt
GetTextMetricsW
CreateFontIndirectW
GetCharWidthW
CreateFontW
Rectangle
OffsetWindowOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
RealizePalette
user32
SetWindowPlacement
GetWindowPlacement
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
TrackPopupMenu
InsertMenuItemW
SetFocus
GetWindowRect
GetFocus
SetRectEmpty
EnableWindow
SendMessageW
LoadImageW
GetWindowInfo
SystemParametersInfoW
GetDlgItem
DestroyCursor
SetWindowPos
SendMessageTimeoutW
CreateWindowExW
GetSystemMetrics
MoveWindow
GetClientRect
GetDlgCtrlID
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
UpdateWindow
GetDC
ReleaseDC
IsWindow
IsWindowVisible
OffsetRect
MonitorFromRect
GetMonitorInfoW
CopyRect
IntersectRect
MessageBeep
PostMessageW
IsWindowEnabled
GetActiveWindow
ClientToScreen
WindowFromPoint
LoadMenuW
GetSubMenu
SetForegroundWindow
GetMenuItemCount
GetMenuItemID
ModifyMenuW
CheckMenuItem
EnableMenuItem
RedrawWindow
MonitorFromWindow
IsRectEmpty
GetSysColor
GetDesktopWindow
IsZoomed
GetSystemMenu
RemoveMenu
InflateRect
SetRect
LoadStringW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
LockWindowUpdate
WaitForInputIdle
MessageBoxW
LoadIconW
InvalidateRect
TrackPopupMenuEx
MapWindowPoints
AppendMenuW
DestroyWindow
GetWindowLongW
GetClassInfoW
RegisterClassW
GetWindow
SetCapture
DrawFrameControl
ReleaseCapture
DefWindowProcW
UnionRect
IsChild
GetMessageTime
GetMessagePos
DrawFocusRect
SetWindowLongW
BeginPaint
EndPaint
LoadBitmapW
GetParent
FrameRect
ScreenToClient
GetDlgItemTextW
SetDlgItemTextW
GetKeyboardLayout
CharPrevW
CharNextW
LoadAcceleratorsW
EnumChildWindows
TranslateAcceleratorW
GetNextDlgTabItem
MapDialogRect
ShowWindow
CallWindowProcW
PeekMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
GetProcessDefaultLayout
SetCursorPos
SetCursor
GetCapture
GetCursorPos
GetKeyState
GetScrollPos
SetScrollPos
CheckDlgButton
IsDlgButtonChecked
DestroyIcon
CharLowerW
TrackMouseEvent
InsertMenuW
DrawMenuBar
SetMenuItemBitmaps
DeleteMenu
GetMenuStringW
DestroyMenu
GetForegroundWindow
FindWindowW
PtInRect
GetLastActivePopup
SetActiveWindow
GetMenuItemRect
EqualRect
CreatePopupMenu
SetMenuItemInfoW
DrawEdge
GetAsyncKeyState
GetCursor
GetWindowDC
GetSysColorBrush
GetDoubleClickTime
SetWindowRgn
FillRect
DrawIconEx
DrawTextW
KillTimer
SetTimer
LoadCursorW
IsIconic
mfc42u (imported by ordinal only; the 500 ordNNNN entries are omitted here)
msvcp60
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
msvcrt
swscanf
calloc
wcsncmp
towlower
iswupper
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
malloc
wcstoul
_ultow
_purecall
_ltow
qsort
_itow
wcsrchr
tolower
strstr
_wtol
wcschr
iswspace
memmove
_wcsnicmp
free
ceil
_wcsicmp
_wtoi
_vsnwprintf
_CIpow
__CxxFrameHandler3
__RTDynamicCast
_ftol2
_ftol2_sse
memcmp
memcpy
strchr
iswpunct
iswlower
towupper
memset
atl
ord31
ord30
ntdll
WinSqmIncrementDWORD
WinSqmIsOptedIn
EtwTraceMessage
comctl32
CreatePropertySheetPageW
ImageList_AddMasked
ImageList_SetBkColor
ImageList_Draw
ImageList_Replace
ImageList_GetIconSize
ImageList_Destroy
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_Add
ImageList_Remove
ImageList_Create
ImageList_ReplaceIcon
ord345
shell32
SHGetFileInfoW
SHAppBarMessage
SHBrowseForFolderW
SHGetMalloc
SHGetDesktopFolder
SHGetFolderLocation
SHCreateDirectoryExW
SHSetLocalizedName
SHPathPrepareForWriteW
SHGetFolderPathW
ShellAboutW
ShellExecuteExW
SHGetSettings
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetFolderPathAndSubDirW
SHFileOperationW
ShellExecuteW
SHAddToRecentDocs
shlwapi
PathAddBackslashW
PathAppendW
StrRetToBufW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathIsDirectoryW
PathCompactPathExW
PathRemoveExtensionW
PathFileExistsW
PathStripPathW
PathGetDriveNumberW
SHDeleteValueW
PathCombineW
PathGetCharTypeW
PathRenameExtensionW
PathIsUNCServerW
PathFindSuffixArrayW
StrToIntW
PathIsNetworkPathW
StrChrW
PathStripToRootW
StrFormatByteSizeW
PathRemoveBackslashW
PathCommonPrefixW
PathAddExtensionW
StrToInt64ExW
PathCompactPathW
SHDeleteKeyW
PathUnquoteSpacesW
ole32
PropVariantCopy
PropVariantClear
CreateStreamOnHGlobal
GetHGlobalFromStream
CoCreateInstance
StgCreateStorageEx
StgOpenStorageEx
CoGetClassObject
CoInitialize
CoUninitialize
CoTaskMemFree
oleaut32
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
VarBstrFromBool
VarBstrFromI4
VarR8FromStr
SysAllocStringLen
SysStringLen
SysFreeString
SafeArrayCreate
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy
uxtheme
CloseThemeData
DrawThemeBackground
GetThemeSysColorBrush
IsThemeActive
GetThemeColor
GetThemeSysFont
OpenThemeData
gdiplus
GdipCreateBitmapFromHBITMAP
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneBitmapAreaI
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromHICON
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipGetDC
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipReleaseDC
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipDrawString
GdipCreateBitmapFromGraphics
GdipFillRectangleI
Sections
.text   Size: 833KB  Virtual size: 833KB  Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data   Size: 16KB   Virtual size: 23KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.idata  Size: 18KB   Virtual size: 18KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc   Size: 874KB  Virtual size: 874KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 69KB   Virtual size: 68KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ