Static task: static1
Behavioral task: behavioral1
  Sample: badfe60f51c174db5afe138c71d2d3dd.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: badfe60f51c174db5afe138c71d2d3dd.exe
  Resource: win10v2004-20240226-en
General
Target: badfe60f51c174db5afe138c71d2d3dd
Size: 125KB
MD5: badfe60f51c174db5afe138c71d2d3dd
SHA1: dca36025ff8f3ce8de6e430470d7acfb38bbc0e0
SHA256: 4e15dace328717d4099e8a92dd7f053a55a8ae8f600f58cc892d5bdafaf12f3c
SHA512: 9b6ce6299dce62a08766e70871b80b088a0b973cdcca8b65bd836b6b5dd75834b392778b87c05180bf4b16d67f0373deb2475da98101535f90d5013da9f8e6ae
SSDEEP: 3072:C4fWrU8VGJJLwxal+1lPGjxql5vle2y2y22yy22y22EIm+JV:C4fW2LwG+qxo7
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: badfe60f51c174db5afe138c71d2d3dd
Files
badfe60f51c174db5afe138c71d2d3dd.exe (windows:5 windows x86 arch:x86)
80b7bc1e581fda002341d8e5566c2aa3
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32:
DefineDosDeviceA
GetConsoleAliasExesW
IsBadStringPtrW
GetProcessVersion
GetStringTypeExA
SetWaitableTimer
GetPrivateProfileIntA
GetTempPathW
MulDiv
UnregisterWait
LocalReAlloc
lstrcpyW
CreateEventA
CreateMailslotA
DeactivateActCtx
SetThreadExecutionState
IsBadHugeReadPtr
WriteProfileStringA
GetComputerNameW
CreateDirectoryExW
WritePrivateProfileStringW
IsProcessInJob
GetConsoleCursorInfo
GetCompressedFileSizeA
GetShortPathNameW
GetGeoInfoW
ExitThread
DeviceIoControl
GetSystemDefaultUILanguage
lstrcmpiW
SetThreadPriorityBoost
GlobalCompact
LocalSize
QueryDepthSList
GetDefaultCommConfigW
GenerateConsoleCtrlEvent
LockFileEx
RequestDeviceWakeup
LCMapStringW
GetStringTypeW
GetStringTypeA
CompareStringW
SetupComm
ResetWriteWatch
InitAtomTable
SetFileShortNameW
GlobalFindAtomW
CreateHardLinkA
GetProcessHandleCount
GetModuleHandleExW
ChangeTimerQueueTimer
OpenFile
FindResourceW
GetNamedPipeHandleStateW
VirtualUnlock
CreateJobObjectW
WriteConsoleA
SetThreadUILanguage
GetCommModemStatus
GetThreadContext
GetCurrentDirectoryA
GetConsoleDisplayMode
SetStdHandle
OpenProcess
GetMailslotInfo
WriteConsoleOutputW
PeekConsoleInputW
FindAtomA
VerifyVersionInfoA
GetThreadLocale
TlsGetValue
WaitNamedPipeW
CreateTapePartition
MultiByteToWideChar
GetCPInfoExW
IsValidCodePage
IsBadStringPtrA
LocalFree
AllocateUserPhysicalPages
CreateMutexA
SetConsoleTitleW
EncodeSystemPointer
SetTapePosition
ReleaseSemaphore
PostQueuedCompletionStatus
CompareStringA
DeleteVolumeMountPointW
GetVolumePathNameW
LCMapStringA
CancelDeviceWakeupRequest
GetConsoleSelectionInfo
GetConsoleMode
SignalObjectAndWait
GetUserDefaultLCID
InitializeSListHead
EraseTape
LoadLibraryW
WriteFile
GetSystemDefaultLCID
OpenJobObjectW
FreeLibraryAndExitThread
ExitProcess
SetConsoleActiveScreenBuffer
ExpandEnvironmentStringsA
GetTickCount
ActivateActCtx
VirtualLock
GetDiskFreeSpaceW
GetNumaHighestNodeNumber
InterlockedPushEntrySList
WaitForSingleObjectEx
AddAtomW
LocalHandle
ReplaceFileA
GetSystemTimes
BackupSeek
LocalFileTimeToFileTime
GetConsoleAliasExesLengthA
RegisterWaitForSingleObjectEx
SetCommConfig
PurgeComm
ScrollConsoleScreenBufferA
WriteConsoleOutputCharacterA
HeapWalk
FindNextVolumeW
WriteProfileSectionW
GetProcessHeap
SetEndOfFile
GetLocaleInfoA
GetOEMCP
GetACP
GetCPInfo
WriteConsoleW
GetConsoleOutputCP
CreateFileA
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
WideCharToMultiByte
SetFilePointer
GetFileType
SetHandleCount
ReadFile
GetStdHandle
Sleep
GetModuleHandleW
HeapReAlloc
HeapCreate
RaiseException
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
CreateThread
GetCurrentThreadId
HeapAlloc
HeapFree
GetLastError
FindFirstFileA
ConnectNamedPipe
GetConsoleCP
SearchPathW
SetThreadPriority
FatalAppExitW
RegisterWaitForSingleObject
CreateActCtxW
FreeUserPhysicalPages
GetSystemWindowsDirectoryA
GetFileAttributesExA
WaitForSingleObject
TerminateThread
FreeLibrary
lstrcpyA
lstrcatA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
SearchPathA
OpenFileMappingA
CreateFileMappingA
MapViewOfFileEx
CloseHandle
VirtualAlloc
UnmapViewOfFile
VirtualFree
VirtualProtect
GetModuleHandleA
lstrcmpA
GetModuleFileNameA
lstrlenA
lstrcmpiA
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
LoadLibraryA
gdi32:
PolyTextOutA
GetTextAlign
SetMiterLimit
Chord
GetStretchBltMode
GetWindowOrgEx
Polyline
GetEnhMetaFileBits
FillRgn
GetDIBColorTable
SetDCPenColor
CreateEnhMetaFileA
GetEnhMetaFileHeader
OffsetViewportOrgEx
SetViewportOrgEx
StartDocA
RemoveFontMemResourceEx
SetPixel
RemoveFontResourceA
ExcludeClipRect
FrameRgn
CreateScalableFontResourceA
SetTextCharacterExtra
CreateCompatibleDC
PlayMetaFile
LineTo
CreateICW
GetPolyFillMode
CopyMetaFileA
AbortPath
GetTextExtentPointW
CreateDCW
AnimatePalette
SetSystemPaletteUse
DeleteDC
GetTextCharsetInfo
ModifyWorldTransform
EnumFontFamiliesExA
CreateHatchBrush
FloodFill
PolyTextOutW
ResetDCA
GetTextExtentExPointW
TranslateCharsetInfo
GetRasterizerCaps
TextOutA
UpdateColors
GdiSetBatchLimit
GetGraphicsMode
SwapBuffers
PtInRegion
SetDCBrushColor
Arc
CreateFontW
SetDIBits
GetGlyphIndicesW
ExtCreateRegion
SetDIBitsToDevice
GetTextExtentPoint32A
GdiFlush
GetFontUnicodeRanges
DeleteMetaFile
GetDeviceGammaRamp
PolyPolygon
EnumFontsW
AddFontResourceExW
Escape
TextOutW
RectVisible
SetAbortProc
GdiComment
GetDCOrgEx
GetMetaFileA
EndDoc
DeleteObject
GetMapMode
EnumFontFamiliesW
GetTextExtentExPointA
BeginPath
GetViewportOrgEx
SetStretchBltMode
SetWindowOrgEx
GetMiterLimit
GetEnhMetaFilePixelFormat
RoundRect
SetPixelV
EnumICMProfilesA
EnumICMProfilesW
GetColorSpace
CreatePen
GetCharABCWidthsFloatW
GdiGradientFill
GetPixel
StrokeAndFillPath
ArcTo
GetColorAdjustment
RestoreDC
GetSystemPaletteEntries
GetTextExtentPointA
ScaleWindowExtEx
AddFontResourceW
SetWinMetaFileBits
GetViewportExtEx
SetBkMode
SetDeviceGammaRamp
SetMapMode
GetTextExtentExPointI
CreateHalftonePalette
SetBoundsRect
FlattenPath
GetKerningPairsA
ChoosePixelFormat
GetGlyphOutlineW
CreateEllipticRgnIndirect
GetTextFaceA
SetArcDirection
CreateSolidBrush
GetGlyphOutlineA
GetLayout
SetBkColor
CloseEnhMetaFile
SetTextJustification
GetTextCharset
GetMetaFileW
GetCurrentPositionEx
GetCharABCWidthsI
GetWorldTransform
SetViewportExtEx
SetBrushOrgEx
EnumFontsA
CreateCompatibleBitmap
MaskBlt
Rectangle
GetCharWidth32A
DescribePixelFormat
GetSystemPaletteUse
CreateDIBPatternBrush
PaintRgn
CreateDIBSection
EnumFontFamiliesExW
GetRandomRgn
PolylineTo
EqualRgn
GetTextFaceW
Pie
CopyEnhMetaFileA
CreateMetaFileW
InvertRgn
PatBlt
StartPage
SetLayout
StrokePath
GdiAlphaBlend
CreateScalableFontResourceW
CreateBrushIndirect
ExtTextOutA
CreatePatternBrush
RectInRegion
GetFontData
CombineRgn
EnumMetaFile
CreateEnhMetaFileW
SetTextColor
CreateMetaFileA
UnrealizeObject
SelectObject
ExtSelectClipRgn
GetBoundsRect
PolyDraw
CreateRoundRectRgn
GetBitmapBits
CreateRectRgn
SetTextAlign
SelectClipRgn
AddFontResourceExA
GetPath
SelectPalette
Ellipse
GetMetaRgn
CreatePalette
CheckColorsInGamut
ColorMatchToTarget
StartDocW
AddFontMemResourceEx
CreatePolygonRgn
GetRgnBox
AbortDoc
GetICMProfileW
SetMetaFileBitsEx
GetBkMode
BitBlt
GetDeviceCaps
comdlg32:
CommDlgExtendedError
PageSetupDlgW
ReplaceTextW
FindTextA
GetSaveFileNameA
advapi32:
RegSetValueExA
RegCloseKey
RegCreateKeyExA
activeds:
ord3
ord4
ord22
ord13
ord16
ord17
ord30
ord14
ord5
ord24
ord6
ord9
ord18
ord21
comsvcs:
MTSCreateActivity
RecycleSurrogate
CoEnterServiceDomain
SafeRef
crypt32:
CryptVerifyMessageHash
CertIsValidCRLForCertificate
CertEnumCRLContextProperties
CryptRegisterDefaultOIDFunction
CryptDecryptAndVerifyMessageSignature
CryptEncryptMessage
CryptUnregisterOIDInfo
CryptMsgVerifyCountersignatureEncodedEx
CryptHashPublicKeyInfo
CertDeleteCertificateFromStore
CertFreeCRLContext
CertCompareIntegerBlob
CryptImportPublicKeyInfoEx
CertOIDToAlgId
CryptMsgCalculateEncodedLength
CryptExportPublicKeyInfo
CertVerifyCRLTimeValidity
CertAddCRLLinkToStore
CryptUninstallDefaultContext
CryptMemRealloc
CertComparePublicKeyInfo
CryptSignCertificate
CryptVerifyMessageSignatureWithKey
CryptProtectData
CryptQueryObject
CertCreateSelfSignCertificate
CertGetCRLFromStore
CertGetValidUsages
CertAddEnhancedKeyUsageIdentifier
CertUnregisterSystemStore
CertAddEncodedCertificateToStore
CryptBinaryToStringA
CryptSetKeyIdentifierProperty
CryptVerifyDetachedMessageHash
PFXIsPFXBlob
CryptInstallOIDFunctionAddress
CertRemoveStoreFromCollection
CertOpenSystemStoreA
CryptSignAndEncryptMessage
CryptMsgOpenToDecode
CertOpenStore
CertRemoveEnhancedKeyUsageIdentifier
CryptMsgGetParam
CertDuplicateCertificateContext
CryptEnumKeyIdentifierProperties
CertGetStoreProperty
CertStrToNameA
CertGetPublicKeyLength
CertVerifyCTLUsage
CryptGetAsyncParam
CertAddEncodedCRLToStore
CertFindCTLInStore
CryptUnregisterDefaultOIDFunction
CryptVerifyCertificateSignatureEx
CryptMemAlloc
CertGetCertificateChain
imm32:
ImmSetConversionStatus
ImmSetCompositionStringA
ImmConfigureIMEA
ImmConfigureIMEW
ImmReleaseContext
ImmGetStatusWindowPos
iphlpapi:
DisableMediaSense
SetIpNetEntry
UnenableRouter
GetTcpStatistics
GetAdapterOrderMap
GetExtendedTcpTable
CancelIPChangeNotify
GetIpStatisticsEx
GetAdaptersInfo
GetUdpTable
CreateIpForwardEntry
NotifyRouteChange
GetIpForwardTable
DeleteIpForwardEntry
GetFriendlyIfIndex
GetIpAddrTable
EnableRouter
AddIPAddress
SetTcpEntry
GetExtendedUdpTable
msi:
ord219
ord174
ord193
ord157
ord214
ord89
ord7
ord93
ord181
ord82
ord84
ord112
ord211
ord212
ord250
ord204
ord258
ord168
ord249
ord60
ord96
ord107
ord44
ord190
ord88
ord202
ord267
ord203
ord210
ord260
ord68
ord227
ord108
ord101
ord225
ord45
ord213
ord102
ord216
ord218
ord85
ord217
ord246
ord261
ord195
ord248
ord136
ord173
ord11
ord10
ord6
ord156
ord141
ord155
ord226
ord262
ord209
ord56
ord268
msimg32:
TransparentBlt
comctl32:
InitMUILanguage
ord327
ImageList_LoadImageA
ImageList_DragMove
ord6
CreateToolbarEx
ord336
ord334
InitCommonControlsEx
ImageList_Copy
ord329
FlatSB_SetScrollPos
CreatePropertySheetPageA
ord236
PropertySheetA
FlatSB_ShowScrollBar
ImageList_GetImageCount
ord5
ImageList_DragLeave
ord412
ImageList_GetImageInfo
ord321
ord4
ord320
ImageList_Read
ImageList_DragShowNolock
FlatSB_GetScrollProp
ord410
ord15
ImageList_Add
ImageList_DrawIndirect
ImageList_Merge
ImageList_Duplicate
ImageList_LoadImageW
ImageList_Replace
ImageList_EndDrag
ImageList_Remove
ord335
FlatSB_SetScrollRange
FlatSB_SetScrollProp
ImageList_DrawEx
ord8
Sections
.text (size 82KB, virtual size 82KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata (size 27KB, virtual size 26KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data (size 14KB, virtual size 21KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE