BitMargo[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

BitMargo.exe
Size

4.4MB
MD5

777d850e741ec58bf3090c2c208a5cb1
SHA1

71693d0d1f388fc07b4e794107f25c87ee60aebf
SHA256

182d449af341e4136627374d2f11085beee7a1831833d7554cdea84741d7b293
SHA512

d0188737eaf5b6c4f828b19f11aea26f4a6f4e63587ba55aac62f78f2677b9bcf43a89b6a0e021035c70673b1e8c78cb9a3a055520f1c3f215da089232dde0e0
SSDEEP

49152:/tzNpe0uiTbzhwPCNgBqwalRpttDUhhL4eA8ChReTe11z/63LAAtsqakZjdwb6nL:/tBpeS3K2uKptCos9LhP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BitMargo.exe

Files

BitMargo.exe
.exe windows:6 windows x64 arch:x64

720a2ddba5bbd7cf4fbc596b5e6a0746

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

LsaEnumerateLogonSessions
LsaFreeReturnBuffer
AcquireCredentialsHandleA
ApplyControlToken
DecryptMessage
QueryContextAttributesW
LsaGetLogonSessionData
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage
DeleteSecurityContext
FreeCredentialsHandle
FreeContextBuffer

kernel32

TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadLibraryExW
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
FreeLibrary
PostQueuedCompletionStatus
lstrlenW
IsProcessorFeaturePresent
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
SwitchToThread
GetCurrentThreadId
GetModuleHandleW
AcquireSRWLockExclusive
WakeAllConditionVariable
GetComputerNameExW
GetLogicalProcessorInformationEx
SetFilePointerEx
SetLastError
GetFinalPathNameByHandleW
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
SleepConditionVariableSRW
WakeConditionVariable
GetSystemInfo
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
CreateDirectoryW
FindFirstFileW
FindClose
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
AcquireSRWLockShared
ReleaseSRWLockShared
SetHandleInformation
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
LocalFree
ReadProcessMemory
VirtualQueryEx
OpenProcess
GetTickCount64
GlobalMemoryStatusEx
GetLogicalDrives
LoadLibraryW
InitializeSListHead

ntdll

RtlNtStatusToDosError
NtCancelIoFileEx
NtDeviceIoControlFile
NtCreateFile
NtQuerySystemInformation
RtlGetVersion
NtReadFile
NtQueryInformationProcess
NtWriteFile

crypt32

CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateChain
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CertDuplicateStore
CertGetCertificateChain
CertCloseStore

user32

GetActiveWindow
EnumChildWindows
GetWindowLongPtrW
ToUnicodeEx
GetKeyboardLayout
MapVirtualKeyExW
SetCapture
SetWindowLongW
SendMessageW
DestroyWindow
PostThreadMessageW
EnableMenuItem
GetSystemMenu
ClipCursor
GetClipCursor
ChangeDisplaySettingsExW
SetWindowPlacement
IsProcessDPIAware
ShowCursor
GetDC
GetCursorPos
GetMessageW
TranslateMessage
SystemParametersInfoA
GetWindowPlacement
ReleaseCapture
PeekMessageW
MsgWaitForMultipleObjectsEx
RedrawWindow
PostQuitMessage
PostMessageW
ShowWindow
CreateIcon
GetMonitorInfoW
SetWindowLongPtrW
GetAsyncKeyState
GetKeyState
GetKeyboardState
GetWindowLongW
IsIconic
DispatchMessageA
DestroyAcceleratorTable
GetClientRect
ClientToScreen
TrackMouseEvent
DestroyIcon
AdjustWindowRectEx
CreateAcceleratorTableW
SetMenu
InvalidateRgn
SetWindowDisplayAffinity
SendInput
SetForegroundWindow
RegisterTouchWindow
GetSystemMetrics
IsWindow
RegisterClassExW
GetMenu
DispatchMessageW
TranslateAcceleratorW
GetAncestor
RegisterRawInputDevices
CreateWindowExW
MapVirtualKeyW
GetUpdateRect
ValidateRect
GetRawInputData
SetCursor
LoadCursorW
DefWindowProcW
SetWindowPos
MonitorFromWindow
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
GetWindowRect
GetMessageA
MonitorFromRect
RegisterWindowMessageA

ws2_32

WSAIoctl
socket
ioctlsocket
connect
getsockopt
getsockname
setsockopt
getaddrinfo
freeaddrinfo
getpeername
WSAStartup
WSACleanup
WSAGetLastError
WSASocketW
closesocket
shutdown
WSASend
send
recv
bind

ole32

CoUninitialize
OleInitialize
RegisterDragDrop
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoInitializeSecurity
CoCreateInstance
CoTaskMemAlloc
RevokeDragDrop

comctl32

DefSubclassProc
SetWindowSubclass
RemoveWindowSubclass

shell32

DragFinish
SHCreateItemFromParsingName
CommandLineToArgvW
DragQueryFileW
SHAppBarMessage

shlwapi

AssocQueryStringW

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

bcrypt

BCryptGenRandom

advapi32

IsValidSid
GetLengthSid
CopySid
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegQueryValueExW
GetUserNameW
RegOpenKeyExW
SystemFunction036
RegCloseKey

pdh

PdhRemoveCounter
PdhCollectQueryData
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhCloseQuery

psapi

GetModuleFileNameExW
GetPerformanceInfo

iphlpapi

GetIfTable2
GetIfEntry2
FreeMibTable
GetAdaptersAddresses

netapi32

NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups
NetApiBufferFree

powrprof

CallNtPowerInformation

oleaut32

SysAllocStringLen
SafeArrayGetUBound
SysStringLen
SafeArrayAccessData
VariantClear
GetErrorInfo
SafeArrayUnaccessData
SetErrorInfo
SafeArrayGetLBound
SysAllocString
SysFreeString

uxtheme

SetWindowTheme

vcruntime140

_CxxThrowException
memset
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__current_exception_context
__current_exception
memcmp
__C_specific_handler
_purecall
wcsrchr
memcpy
memmove

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-math-l1-1-0

truncf
powf
__setusermatherr
trunc
round
ceilf
exp2f
floor
floorf
roundf
pow
ceil

api-ms-win-crt-string-l1-1-0

wcslen
_wcsicmp

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
malloc
_callnewh
free

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_narrow_argv
terminate
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argc
__p___argv
_crt_atexit
_cexit
_c_exit
_seh_filter_exe
_register_onexit_function
_initialize_onexit_table
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

720a2ddba5bbd7cf4fbc596b5e6a0746

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

ntdll

crypt32

user32

ws2_32

ole32

comctl32

shell32

shlwapi

gdi32

dwmapi

bcrypt

advapi32

pdh

psapi

iphlpapi

netapi32

powrprof

oleaut32

uxtheme

vcruntime140

vcruntime140_1

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 1024B - Virtual size: 12KB

.pdata Size: 70KB - Virtual size: 70KB

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 1024B - Virtual size: 12KB

.pdata
Size: 70KB - Virtual size: 70KB

.reloc
Size: 28KB - Virtual size: 28KB