686437fcec15e0e7ffb250cda9d00dde

Sharing

Copy URL Twitter E-mail

General

Target

686437fcec15e0e7ffb250cda9d00dde
Size

350KB
MD5

686437fcec15e0e7ffb250cda9d00dde
SHA1

e2ea63d84561615293f71bbefdac1d66f9d0c4af
SHA256

8f3d305081d6534da231f79eb620110b37c399c1334993be7d699c33d40b5949
SHA512

e90c74fdb089b5c20f8e2e54384ec905217971243f7e32758524167eace0ba67acd40b50e523b0d627f7e004bfad6e5fea15e165c38683eb8272452963c05d63
SSDEEP

6144:uvfqKY9dflw1/jNL+SSQYdUVneIX/elfystYwu2OLv+nWfVzVEwnZXr5vVhI/Db:uvzuE/R+jQYd6eIXmDtYR3r+naOwZ75a

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BeholderTool792.exe
unpack001/rinst.exe

Files

686437fcec15e0e7ffb250cda9d00dde
.rar
BeholderTool792.exe
.exe windows:4 windows x86 arch:x86

ef0a029650ee21cd7a4179dd8659b554

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
GetTimeZoneInformation
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetSystemInfo
VirtualProtect
CreateFileA
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
InitializeCriticalSection
InterlockedExchange
VirtualQuery
FlushFileBuffers
ReadFile
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
MultiByteToWideChar
GlobalSize
SetFilePointer
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
GetCPInfo
GetOEMCP
GetACP
SetUnhandledExceptionFilter
GetCurrentThread
SetLastError
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
FatalAppExitA
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetStartupInfoA
GetFileAttributesA
InterlockedIncrement
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentDirectoryA
GetVersion
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GlobalAddAtomA
OpenProcess
WriteProcessMemory
GetModuleHandleA
ReadProcessMemory
Sleep
CreateThread
ResumeThread
SetThreadPriority
SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
GetLocaleInfoA
GetNumberFormatA
GetModuleFileNameA
WideCharToMultiByte
OutputDebugStringA
InterlockedDecrement
WriteFile
GetStdHandle
GetSystemTimeAsFileTime
HeapValidate
IsBadReadPtr
IsBadWritePtr
GetLastError
ExitProcess
RtlUnwind
RaiseException
DebugBreak
GetVersionExA
GetProcAddress
LoadLibraryA
GetLocaleInfoW

user32

OpenClipboard
DrawTextA
GetIconInfo
GetDC
ReleaseDC
MoveWindow
ScreenToClient
FindWindowExA
GetClientRect
EnableWindow
RegisterWindowMessageA
RedrawWindow
DrawAnimatedRects
GetWindowLongA
SetWindowLongA
SetParent
EnumChildWindows
SystemParametersInfoA
GetWindowRect
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
GetMenuItemID
LoadMenuA
GetSubMenu
DestroyMenu
SetMenuDefaultItem
IsWindow
KillTimer
DispatchMessageA
LoadImageA
DestroyIcon
CreateWindowExA
SetTimer
GetClipboardData
CloseClipboard
GetDlgItemTextA
MessageBoxA
SetDlgItemTextA
SendDlgItemMessageA
CheckDlgButton
RegisterHotKey
GetForegroundWindow
GetClassNameA
GetWindowThreadProcessId
FindWindowA
GetAsyncKeyState
GetWindowTextA
ShowWindow
IsWindowVisible
SetActiveWindow
IsDlgButtonChecked
EndDialog
GetDlgItem
SendMessageA
DestroyWindow
DefWindowProcA
BeginPaint
EndPaint
PostQuitMessage
DialogBoxParamA
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
GetMessageA
TranslateMessage

gdi32

ExtSelectClipRgn
CreateFontIndirectA
GetStockObject
SetTextColor
SetBkMode
StretchDIBits
RectVisible
CreateCompatibleBitmap
CreateBitmap
SetBkColor
StretchBlt
GetClipBox
CreateRectRgnIndirect
SetStretchBltMode
SetDIBitsToDevice
BitBlt
DeleteObject
GetObjectA
SelectObject
RealizePalette
GetDIBits
CreateCompatibleDC
CreateDIBSection
DeleteDC
CreateDIBitmap

comdlg32

GetOpenFileNameA

shell32

SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHAppBarMessage
Shell_NotifyIconA

Exports

Exports

??0CxExifInfo@CxImageJPG@@QAE@PAUtag_ExifInfo@1@@Z
??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxImage@@QAE@ABV0@_N11@Z
??0CxImage@@QAE@K@Z
??0CxImage@@QAE@KKKK@Z
??0CxImageJPG@@QAE@ABV0@@Z
??0CxImageJPG@@QAE@XZ
??0CxMemFile@@QAE@ABV0@@Z
??0CxMemFile@@QAE@PAEK@Z
??1CxExifInfo@CxImageJPG@@QAE@XZ
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??1CxImageJPG@@UAE@XZ
??1CxMemFile@@UAE@XZ
??4CxExifInfo@CxImageJPG@@QAEAAV01@ABV01@@Z
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxImage@@QAEAAV0@ABV0@@Z
??4CxImageJPG@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxImageJPG@@6B@
??_7CxMemFile@@6B@
??_FCxExifInfo@CxImageJPG@@QAEXXZ
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Alloc@CxMemFile@@IAEXK@Z
?Bitfield2RGB@CxImage@@IAEXPAEGGGE@Z
?BlendPalette@CxImage@@QAEXKJ@Z
?BlendPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@M_N@Z
?BlindGetPixelColor@CxImage@@IAE?AUtagRGBQUAD@@JJ@Z
?BlindGetPixelIndex@CxImage@@IAEEJJ@Z
?BlindGetPixelPointer@CxImage@@IAEPAXJJ@Z
?Clear@CxImage@@QAEXE@Z
?Close@CxIOFile@@UAE_NXZ
?Close@CxMemFile@@UAE_NXZ
?CompareColors@CxImage@@KAHPBX0@Z
?ConvertAnyFormat@CxExifInfo@CxImageJPG@@IAENPAXH@Z
?Copy@CxImage@@QAEXABV1@_N11@Z
?CopyInfo@CxImage@@IAEXABV1@@Z
?CopyToHandle@CxImage@@QAEPAXXZ
?Create@CxImage@@QAEPAXKKKK@Z
?CreateFromArray@CxImage@@QAE_NPAEKKKK_N@Z
?CreateFromHANDLE@CxImage@@QAE_NPAX@Z
?CreateFromHBITMAP@CxImage@@QAE_NPAUHBITMAP__@@PAUHPALETTE__@@@Z
?CreateFromHICON@CxImage@@QAE_NPAUHICON__@@@Z
?CreateFromMatrix@CxImage@@QAE_NPAPAEKKKK_N@Z
?Decode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Decode@CxImageJPG@@QAE_NPAVCxFile@@@Z
?DecodeExif@CxExifInfo@CxImageJPG@@QAE_NPAVCxFile@@H@Z
?DecodeExif@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?DecodeExif@CxImageJPG@@QAE_NPAVCxFile@@@Z
?Destroy@CxImage@@QAE_NXZ
?DiscardAllButExif@CxExifInfo@CxImageJPG@@QAEXXZ
?Draw2@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@@Z
?Draw2@CxImage@@QAEJPAUHDC__@@JJJJ@Z
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z
?DrawLine@CxImage@@QAEXHHHHK@Z
?DrawLine@CxImage@@QAEXHHHHUtagRGBQUAD@@_N@Z
?DrawString@CxImage@@QAEJPAUHDC__@@JJPBDUtagRGBQUAD@@1JJEE_N@Z
?DrawStringEx@CxImage@@QAEJPAUHDC__@@JJPAUtagCxTextInfo@1@_N@Z
?Enable@CxImage@@QAEX_N@Z
?Encode2RGBA@CxImage@@QAE_NAAPAEAAJ@Z
?Encode2RGBA@CxImage@@QAE_NPAVCxFile@@@Z
?Encode@CxImage@@QAE_NAAPAEAAJK@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@K@Z
?Encode@CxImage@@QAE_NPAU_iobuf@@PAPAV1@HK@Z
?Encode@CxImage@@QAE_NPAVCxFile@@K@Z
?Encode@CxImage@@QAE_NPAVCxFile@@PAPAV1@HK@Z
?Encode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Encode@CxImageJPG@@QAE_NPAVCxFile@@@Z
?EncodeExif@CxExifInfo@CxImageJPG@@QAE_NPAVCxFile@@@Z
?EncodeSafeCheck@CxImage@@IAE_NPAVCxFile@@@Z
?Eof@CxIOFile@@UAE_NXZ
?Eof@CxMemFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Error@CxMemFile@@UAEJXZ
?FindSection@CxExifInfo@CxImageJPG@@IAEPAXH@Z
?Flush@CxIOFile@@UAE_NXZ
?Flush@CxMemFile@@UAE_NXZ
?Free@CxMemFile@@IAEXXZ
?FreeMemory@CxImage@@QAEXPAX@Z
?Get16m@CxExifInfo@CxImageJPG@@IAEHPAX@Z
?Get16u@CxExifInfo@CxImageJPG@@IAEHPAX@Z
?Get32s@CxExifInfo@CxImageJPG@@IAEJPAX@Z
?Get32u@CxExifInfo@CxImageJPG@@IAEKPAX@Z
?GetBits@CxImage@@QAEPAEK@Z
?GetBpp@CxImage@@QBEGXZ
?GetBuffer@CxMemFile@@QAEPAE_N@Z
?GetC@CxIOFile@@UAEJXZ
?GetC@CxMemFile@@UAEJXZ
?GetClrImportant@CxImage@@QBEKXZ
?GetCodecOption@CxImage@@QAEKK@Z
?GetColorType@CxImage@@QAEEXZ
?GetDIB@CxImage@@QBEPAXXZ
?GetEffWidth@CxImage@@QBEKXZ
?GetEscape@CxImage@@QBEJXZ
?GetFlags@CxImage@@QBEKXZ
?GetFrame@CxImage@@QBEJXZ
?GetFrameDelay@CxImage@@QBEKXZ
?GetHeight@CxImage@@QBEKXZ
?GetJpegQuality@CxImage@@QBEEXZ
?GetJpegScale@CxImage@@QBEEXZ
?GetLastError@CxImage@@QAEPBDXZ
?GetNearestIndex@CxImage@@QAEEUtagRGBQUAD@@@Z
?GetNumColors@CxImage@@QBEKXZ
?GetNumFrames@CxImage@@QBEJXZ
?GetOffset@CxImage@@QAEXPAJ0@Z
?GetPalette@CxImage@@QBEPAUtagRGBQUAD@@XZ
?GetPaletteColor@CxImage@@QAE?AUtagRGBQUAD@@E@Z
?GetPaletteColor@CxImage@@QAE_NEPAE00@Z
?GetPaletteSize@CxImage@@QAEKXZ
?GetPixelColor@CxImage@@QAE?AUtagRGBQUAD@@JJ_N@Z
?GetPixelGray@CxImage@@QAEEJJ@Z
?GetPixelIndex@CxImage@@QAEEJJ@Z
?GetProgress@CxImage@@QBEJXZ
?GetSize@CxImage@@QAEJXZ
?GetTransColor@CxImage@@QAE?AUtagRGBQUAD@@XZ
?GetTransIndex@CxImage@@QBEJXZ
?GetType@CxImage@@QBEKXZ
?GetVersion@CxImage@@QAEPBDXZ
?GetVersionNumber@CxImage@@QAE?BMXZ
?GetWidth@CxImage@@QBEKXZ
?GetXDPI@CxImage@@QBEJXZ
?GetYDPI@CxImage@@QBEJXZ
?Ghost@CxImage@@IAEXPAV1@@Z
?InitTextInfo@CxImage@@QAEXPAUtagCxTextInfo@1@@Z
?IsEnabled@CxImage@@QBE_NXZ
?IsGrayScale@CxImage@@QAE_NXZ
?IsIndexed@CxImage@@QBE_NXZ
?IsInside@CxImage@@QAE_NJJ@Z
?IsSamePalette@CxImage@@QAE_NAAV1@_N@Z
?IsTransparent@CxImage@@QAE_NJJ@Z
?IsTransparent@CxImage@@QBE_NXZ
?IsValid@CxImage@@QBE_NXZ
?MakeBitmap@CxImage@@QAEPAUHBITMAP__@@PAUHDC__@@@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?Open@CxMemFile@@QAE_NXZ
?ProcessExifDir@CxExifInfo@CxImageJPG@@IAE_NPAE0IQAUtag_ExifInfo@2@QAPAE@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?PutC@CxMemFile@@UAE_NE@Z
?RGBQUADtoRGB@CxImage@@SAKUtagRGBQUAD@@@Z
?RGBtoBGR@CxImage@@IAEXPAEH@Z
?RGBtoRGBQUAD@CxImage@@SA?AUtagRGBQUAD@@K@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Read@CxMemFile@@UAEIPAXII@Z
?Save@CxImage@@QAE_NPBDK@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Seek@CxMemFile@@UAE_NJH@Z
?SetClrImportant@CxImage@@QAEXK@Z
?SetCodecOption@CxImage@@QAE_NKK@Z
?SetEscape@CxImage@@QAEXJ@Z
?SetFlags@CxImage@@QAEXK_N@Z
?SetFrame@CxImage@@QAEXJ@Z
?SetFrameDelay@CxImage@@QAEXK@Z
?SetGrayPalette@CxImage@@QAEXXZ
?SetJpegQuality@CxImage@@QAEXE@Z
?SetJpegScale@CxImage@@QAEXE@Z
?SetOffset@CxImage@@QAEXJJ@Z
?SetPalette@CxImage@@QAEXKPAE00@Z
?SetPalette@CxImage@@QAEXPAUrgb_color@1@K@Z
?SetPalette@CxImage@@QAEXPAUtagRGBQUAD@@K@Z
?SetPaletteColor@CxImage@@QAEXEEEEE@Z
?SetPaletteColor@CxImage@@QAEXEK@Z
?SetPaletteColor@CxImage@@QAEXEUtagRGBQUAD@@@Z
?SetPixelColor@CxImage@@QAEXJJK@Z
?SetPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@_N@Z
?SetPixelIndex@CxImage@@QAEXJJE@Z
?SetProgress@CxImage@@QAEXJ@Z
?SetStdPalette@CxImage@@QAEXXZ
?SetTransColor@CxImage@@QAEXUtagRGBQUAD@@@Z
?SetTransIndex@CxImage@@QAEXJ@Z
?SetXDPI@CxImage@@QAEXJ@Z
?SetYDPI@CxImage@@QAEXJ@Z
?Size@CxIOFile@@UAEJXZ
?Size@CxMemFile@@UAEJXZ
?Startup@CxImage@@IAEXK@Z
?Stretch@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@K@Z
?Stretch@CxImage@@QAEJPAUHDC__@@JJJJK@Z
?SwapIndex@CxImage@@QAEXEE@Z
?Tell@CxIOFile@@UAEJXZ
?Tell@CxMemFile@@UAEJXZ
?Tile@CxImage@@QAEJPAUHDC__@@PAUtagRECT@@@Z
?Transfer@CxImage@@QAE_NAAV1@@Z
?Write@CxIOFile@@UAEIPBXII@Z
?Write@CxMemFile@@UAEIPBXII@Z
?process_COM@CxExifInfo@CxImageJPG@@IAEXPBEH@Z
?process_EXIF@CxExifInfo@CxImageJPG@@IAE_NPAEI@Z
?process_SOFn@CxExifInfo@CxImageJPG@@IAEXPBEH@Z

Sections

.text
Size: 412KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bpk.exe
bpkhk.dll
inst.dat
pk.bin
rinst.exe
.exe windows:4 windows x86 arch:x86

7ca32fe06cef41cf114a012e2f8f89d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpW
lstrcmpiW
GetProcAddress
GetModuleHandleW
GetVersionExW
LoadLibraryW
FreeLibrary
CloseHandle
OpenProcess
GetLastError
MultiByteToWideChar
GetSystemDirectoryW
ReadFile
GetFileSize
CreateFileW
lstrcatW
lstrcpyW
lstrcpynW
CreateDirectoryW
SetFileTime
SystemTimeToFileTime
GetSystemTime
WriteFile
DeleteFileW
CreateProcessW
Sleep
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
SetCurrentDirectoryW
lstrlenW
CopyFileW
GetTempPathW
FileTimeToSystemTime
GetFileTime
TerminateProcess
GetCurrentProcess
GetModuleFileNameW
LoadLibraryA
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA
GetModuleHandleA

user32

PostMessageW
CharLowerW
FindWindowW

shell32

ShellExecuteW

msvcrt

__getmainargs
??3@YAXPAX@Z
wcscpy
wcslen
memcpy
??2@YAPAXI@Z
wcschr
memset
__p___argv
__p___argc
wcsrchr
__CxxFrameHandler
_EH_prolog
_exit
_XcptFilter
exit
_acmdln
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ef0a029650ee21cd7a4179dd8659b554

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 412KB - Virtual size: 409KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 8KB - Virtual size: 5KB

7ca32fe06cef41cf114a012e2f8f89d5

Headers

File Characteristics

Imports

kernel32

user32

shell32

msvcrt

Sections

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 19KB - Virtual size: 19KB

.text
Size: 412KB - Virtual size: 409KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 19KB - Virtual size: 19KB