1e795d8c4a03fa076a601d772459dd92

Sharing

Copy URL Twitter E-mail

General

Target

1e795d8c4a03fa076a601d772459dd92
Size

617KB
MD5

1e795d8c4a03fa076a601d772459dd92
SHA1

4823004e7718bf6d22a808907200f33cf9fa4c08
SHA256

992b24570a39de08f89a8460e3fb36f125cf9b740f93accb2ec1bba1e0e0d681
SHA512

bbb09e7e6bc5cc5ae606bbb9db5bdbd05598b7388a7983e694285b1e071aa3ce5e8792699e07817ab933da3923beb86bf16992a7987bc8c6bc4b5570f68a560a
SSDEEP

12288:aBaJrucb9PALV/07YA6G6dRFPNmuXkjhHtqrgurycdDPn8SHOvZHtr:iapbEtDdPUuXIH+gfw8SHOxNr

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bookmark Buddy/BmkBuddy.exe
unpack001/Bookmark Buddy/urlorgIE.dll

Files

1e795d8c4a03fa076a601d772459dd92
.rar
Bookmark Buddy/BmkBuddy.chm
.chm
Bookmark Buddy/BmkBuddy.exe
.exe windows:4 windows x86 arch:x86

013742400c99b848d406bcaa4d395269

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

ws2_32

gethostbyname

user32

SetWindowContextHelpId

gdi32

GetMapMode

comdlg32

GetSaveFileNameA

winspool.drv

OpenPrinterA

advapi32

RegOpenKeyA

shell32

DragQueryFileA

comctl32

ord14

shlwapi

PathIsRelativeA

wininet

InternetReadFile

oledlg

ord8

ole32

CreateStreamOnHGlobal

oleaut32

SysAllocStringLen

Sections

.text
Size: 411KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Bookmark Buddy/Default.bkl
Bookmark Buddy/ReadMe.txt
Bookmark Buddy/Templates/Blank (documented).txt
Bookmark Buddy/Templates/MSN.txt
Bookmark Buddy/Templates/Netscape.txt
Bookmark Buddy/Templates/Opera.txt
Bookmark Buddy/Templates/Printable (html).txt
Bookmark Buddy/Templates/Printable (text).txt
Bookmark Buddy/Templates/Spreadsheet (Excel XML).txt
Bookmark Buddy/Templates/Spreadsheet (Excel).txt
Bookmark Buddy/Templates/Spreadsheet (csv).txt
Bookmark Buddy/Templates/Spreadsheet (tab).txt
Bookmark Buddy/Templates/URL Organizer.txt
Bookmark Buddy/Templates/Web Page (dhtml + popups).txt
.js
Bookmark Buddy/Templates/Web Page (dhtml).txt
.js
Bookmark Buddy/Templates/Web Page (html).txt
Bookmark Buddy/Templates/XML.txt
Bookmark Buddy/urlorgIE.dll
.dll regsvr32 windows:4 windows x86 arch:x86

137e50e6c11310f50a2a0c3b861dd07e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrlenA
lstrcmpiA
lstrcpyA
lstrcatA
GetModuleFileNameA
DisableThreadLibraryCalls
EnterCriticalSection
InterlockedDecrement
IsDBCSLeadByte
lstrcpynA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedIncrement
InterlockedExchange
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetCPInfo
GetOEMCP
RtlUnwind
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
TlsSetValue
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
TlsFree
SetLastError
TlsGetValue
TlsAlloc
SetHandleCount
GetStdHandle

user32

CharNextA

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr
SysFreeString
RegisterActiveObject
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
RevokeActiveObject

rpcrt4

NdrOleAllocate
IUnknown_Release_Proxy
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrOleFree

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 43B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

013742400c99b848d406bcaa4d395269

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

wininet

oledlg

ole32

oleaut32

Sections

.text Size: 411KB - Virtual size: 1.0MB

.rsrc Size: 19KB - Virtual size: 20KB

137e50e6c11310f50a2a0c3b861dd07e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

rpcrt4

shlwapi

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.orpc Size: 4KB - Virtual size: 43B

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 411KB - Virtual size: 1.0MB

.rsrc
Size: 19KB - Virtual size: 20KB

.text
Size: 32KB - Virtual size: 31KB

.orpc
Size: 4KB - Virtual size: 43B

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 4KB