7f4a39dfc260c7cb42a35fe730cd70ff

Sharing

Copy URL Twitter E-mail

General

Target

7f4a39dfc260c7cb42a35fe730cd70ff
Size

157KB
MD5

7f4a39dfc260c7cb42a35fe730cd70ff
SHA1

5dc86682ce2ecb4149ccf363212eae185d11ac60
SHA256

88c3b01495665b53004b67f84bc9b7ac3c338c11178c5a96d01f2210edbe8801
SHA512

42c0a0ebfad91e94a3e5e60ce4ea83f78fc6bd952b5fe60e9e228ff58a33a65966f14c564ced7c30b49cc274f347a2f5999b206370fc333812c22d9ab7365c97
SSDEEP

3072:W4Xb7hDk9PBHsUhgOoF+2xeF4QKt52SgmU7uTHbrrA4/GZL9/DENTZB8OnUjagN5:nXbZk9PVsUwNeSQKt54miuzbHADp4Fin

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BHRAMA/ASM/CLIENT.EXE
unpack001/BHRAMA/TARGET.EXE
unpack002/PTCLIENT.exe
unpack001/PROCDUMP.EXE
unpack001/PSAPI.DLL
unpack001/SECUROM/LOADER.EXE
unpack001/VBOX42/UNBOX.EXE
unpack001/VXDBODY.KMD

Files

7f4a39dfc260c7cb42a35fe730cd70ff
.zip
BHRAMA.TXT
BHRAMA/ASM/BMAKE
BHRAMA/ASM/CLIENT.ASM
BHRAMA/ASM/CLIENT.DEF
BHRAMA/ASM/CLIENT.EXE
.exe windows:4 windows x86 arch:x86

563ca700e6e36b8d9a1e6717091e066c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
SendMessageA
FindWindowA

kernel32

CreateProcessA
ExitProcess
SuspendThread
TerminateProcess

Sections

.text
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 234B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 94B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BHRAMA/ASM/CLIENT.MAP
BHRAMA/ASM/CLIENT.OBJ
BHRAMA/ASM/CLIENT.RC
BHRAMA/ASM/CLIENT.RES
BHRAMA/ASM/ICON1.ICO
BHRAMA/ASM/MMAKE
BHRAMA/ASM/WIN32.INC
BHRAMA/C/BHRAMA.C
BHRAMA/C/BHRAMA.H
BHRAMA/C/BHRAMA~1.H
BHRAMA/C/MAIN.C
BHRAMA/TARGET.EXE
.exe windows:1 windows x86 arch:x86

70f4b2f826c929117f5ac9cefa0704f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

ExitProcess
CreateFileA

user32

MessageBoxA

Sections

CODE
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ENDOFPD.TXT
FILE_ID.DIZ
HISTORY.TXT
LICENSE.TXT
PETITE/pt21client.zip
.zip
PTCLIENT.exe
.exe windows:4 windows x86 arch:x86

94c7366d739e7bf962bb011f2c5fab76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
GlobalAlloc
ExitProcess

Sections

pcs1
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pcs2
Size: 19KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
logo.bmp
petite21.txt
ptclient.asm
ptclient.ico
ptclient.inc
rsrc.rc
PROCDUMP.EXE
.exe windows:4 windows x86 arch:x86

104c0252a66ac1415b31981c7d3dd7a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

user32

GetWindowRect
GetMessageA
IsDialogMessage
CreateWindowExA
UpdateWindow
TrackPopupMenu
GetSubMenu
LoadMenuA
MessageBoxA
MessageBeep
PostQuitMessage
DefWindowProcA
DialogBoxParamA
MoveWindow
EndDialog
LoadCursorA
GetDesktopWindow
SetFocus
CharLowerA
CharUpperA
SendDlgItemMessageA
SetWindowTextA
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
SendMessageA
GetWindowTextLengthA
DispatchMessageA
TranslateMessage
LoadIconA
ShowWindow
RegisterClassExA
AppendMenuA
DestroyMenu
FindWindowA
EnableWindow
InvalidateRect
IsDlgButtonChecked
CreatePopupMenu
CheckDlgButton
CheckRadioButton

kernel32

LoadLibraryA
WritePrivateProfileStringA
GetCurrentDirectoryA
FreeLibrary
DeleteFileA
VirtualProtect
Sleep
ContinueDebugEvent
WaitForDebugEvent
CreateProcessA
SetThreadContext
GetThreadContext
WriteProcessMemory
TerminateProcess
WaitForSingleObject
IsBadReadPtr
GetSystemDirectoryA
GetFileSize
SetFilePointer
WriteFile
VirtualFree
VirtualAlloc
GetLastError
GetPrivateProfileStringA
DeviceIoControl
GetTempFileNameA
GetTempPathA
GetProcAddress
GetTickCount
GetVersionExA
CloseHandle
CreateThread
ResumeThread
SuspendThread
SetThreadPriority
OpenProcess
ReadProcessMemory
GetCurrentProcessId
CreateFileA
ReadFile
GetModuleHandleA
ExitProcess

gdi32

CreateFontIndirectA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

comctl32

ord17

advapi32

CloseServiceHandle
DeleteService
StartServiceA
ControlService
OpenSCManagerA
OpenServiceA
CreateServiceA

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PROCDUMP.TXT
PSAPI.DLL
.dll windows:4 windows x86 arch:x86

a4a490c21d01966c848ea3a2f92fda2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

NtCreateProfile
RtlMultiByteToUnicodeN
RtlNtStatusToDosError
_stricmp
RtlUnwind
atoi
sprintf
NtStopProfile
RtlUnicodeToOemN
_chkstk
RtlAdjustPrivilege
NtAllocateVirtualMemory
NtSetIntervalProfile
NtStartProfile
DbgPrint
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation

kernel32

MultiByteToWideChar
SetProcessWorkingSetSize
GetProcessWorkingSetSize
WideCharToMultiByte
ReadProcessMemory
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
CreateFileA
CloseHandle
DisableThreadLibraryCalls
lstrcpyA
GetProcessHeap
LocalFree
SetLastError
LocalAlloc
GetSystemInfo
lstrlenA
HeapAlloc

imagehlp

SymLoadModule
SymGetModuleInfo
SymGetSymFromAddr
SymUnloadModule
SymSetOptions
SymInitialize
SymGetSearchPath

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 846B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RUNME.COM
SCRIPT.INI
SCRIPT.TXT
SECUROM/LOADER.EXE
.exe windows:4 windows x86 arch:x86

9c8235038c1f3f5f5c320877390e88c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
CreateFileA
CreateProcessA
DeviceIoControl
ExitProcess
GetLastError
SuspendThread
CloseHandle

user32

MessageBoxA
SendMessageA
FindWindowA

comdlg32

GetOpenFileNameA

Sections

.text
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SECUROM/README.TXT
SECUROM/VSRMPD.VXD
UNPACK.TXT
VBOX42/README.TXT
VBOX42/UNBOX.EXE
.exe windows:1 windows x86 arch:x86

94c7366d739e7bf962bb011f2c5fab76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
GlobalAlloc
ExitProcess

Sections

pcs1
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pcs2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

pcs3
Size: 2KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VXDBODY.KMD
.sys windows:1 windows x86 arch:x86

d575aadb966c6da2668d389a9c0da6d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ntoskrnl.exe

IoCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
PsSetCreateProcessNotifyRoutine
RtlInitUnicodeString
DbgPrint

Sections

CODE
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VXDBODY.VXD
WWW.TXT

Sharing

General

Malware Config

Signatures

Files

563ca700e6e36b8d9a1e6717091e066c

Headers

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 512B - Virtual size: 260B

.data Size: 512B - Virtual size: 234B

.idata Size: 512B - Virtual size: 270B

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 512B - Virtual size: 94B

70f4b2f826c929117f5ac9cefa0704f1

Headers

File Characteristics

Imports

kernel32

user32

Sections

CODE Size: 512B - Virtual size: 4KB

DATA Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

94c7366d739e7bf962bb011f2c5fab76

Headers

File Characteristics

Imports

kernel32

Sections

pcs1 Size: 3KB - Virtual size: 12KB

pcs2 Size: 19KB - Virtual size: 43KB

104c0252a66ac1415b31981c7d3dd7a7

Headers

File Characteristics

Imports

shell32

user32

kernel32

gdi32

comdlg32

comctl32

advapi32

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 10KB - Virtual size: 34KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 5KB - Virtual size: 4KB

a4a490c21d01966c848ea3a2f92fda2b

Headers

File Characteristics

Imports

ntdll

kernel32

imagehlp

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 1024B - Virtual size: 846B

9c8235038c1f3f5f5c320877390e88c1

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

Sections

.text Size: 512B - Virtual size: 480B

.rdata Size: 512B - Virtual size: 434B

.data Size: 2KB - Virtual size: 1KB

94c7366d739e7bf962bb011f2c5fab76

.text
Size: 512B - Virtual size: 260B

.data
Size: 512B - Virtual size: 234B

.idata
Size: 512B - Virtual size: 270B

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 512B - Virtual size: 94B

CODE
Size: 512B - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

pcs1
Size: 3KB - Virtual size: 12KB

pcs2
Size: 19KB - Virtual size: 43KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 10KB - Virtual size: 34KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 1024B - Virtual size: 846B

.text
Size: 512B - Virtual size: 480B

.rdata
Size: 512B - Virtual size: 434B

.data
Size: 2KB - Virtual size: 1KB

pcs1
Size: 1KB - Virtual size: 12KB

pcs2
Size: - Virtual size: 4KB

pcs3
Size: 2KB - Virtual size: 25KB

CODE
Size: 1024B - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB