baf4dbf5d5ff69340888badf27c2cc0d

Sharing

Copy URL Twitter E-mail

General

Target

baf4dbf5d5ff69340888badf27c2cc0d
Size

335KB
MD5

baf4dbf5d5ff69340888badf27c2cc0d
SHA1

85141b3ae3d6dd4221a7271d7aa9630d36af49ec
SHA256

0d541cbea6130020f962767dd967e13423f72d84d324e4c392cf32e01340beb9
SHA512

f896cbbbd6225cd16c24d243ef4b67bba74539f85d4374b920d47e3e87ff16d377fba16d69f2271bca88a57a913678b82ee0afddd2c0c34683a40a897d5bfa12
SSDEEP

6144:O3wHHBuBidwyaEedD/y6tTwsG1j2nMMajZbAme+KJYJR2ZWLjFKeH+UJ6:hHH46wJxl9Md2hme/Cm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
baf4dbf5d5ff69340888badf27c2cc0d

Files

baf4dbf5d5ff69340888badf27c2cc0d
.exe windows:4 windows x86 arch:x86

015f143498bcc488d80641e30d1cd582

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\dhmpdme\qbhjfrb.pdb

Imports

comdlg32

ReplaceTextW
GetFileTitleA
ChooseColorA
GetSaveFileNameW

comctl32

InitCommonControlsEx

kernel32

VirtualFree
GetProcessHeaps
GetCurrentThread
GetACP
InterlockedDecrement
EnterCriticalSection
GetModuleFileNameA
GetTimeZoneInformation
GetCPInfo
GetTickCount
QueryPerformanceCounter
HeapDestroy
WriteFile
GetEnvironmentStringsW
CloseHandle
VirtualQuery
TlsSetValue
GlobalHandle
GetFileType
GetSystemTime
HeapCreate
UnhandledExceptionFilter
OpenMutexA
DeleteCriticalSection
HeapFree
GetModuleHandleA
IsBadWritePtr
FreeEnvironmentStringsA
GetCurrentProcessId
GetVersion
LCMapStringA
RtlUnwind
GetProcAddress
GetStartupInfoA
CompareStringW
GetLastError
TlsGetValue
GetStringTypeW
SetLastError
TlsAlloc
FreeEnvironmentStringsW
GetPrivateProfileSectionNamesW
GetCurrentThreadId
GetEnvironmentStrings
ExitProcess
GetCommandLineA
HeapAlloc
VirtualAlloc
InterlockedExchange
CreateMutexA
SetHandleCount
ReadFile
LCMapStringW
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringA
SetFilePointer
TerminateProcess
LoadLibraryW
WideCharToMultiByte
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentProcess
GetLocalTime
SetStdHandle
InterlockedIncrement
GetOEMCP
FlushFileBuffers
GetStdHandle
CopyFileA
TlsFree
LoadLibraryA
GetStringTypeA
MultiByteToWideChar
EnumSystemLocalesW
LeaveCriticalSection

user32

GetNextDlgTabItem
IsCharAlphaA
SetDebugErrorLevel
CreateWindowExW
EnumDesktopWindows
ChildWindowFromPointEx
SendMessageA
MessageBoxW
ShowWindow
EnumPropsExA
GetKeyboardLayoutNameW
RegisterClassA
IsMenu
LockWindowUpdate
DrawTextW
SetPropW
RegisterClassExA
TranslateMDISysAccel
AdjustWindowRect
DdeSetQualityOfService
SetWindowsHookW
SwapMouseButton
MapVirtualKeyW
GetSystemMetrics
DrawTextA
DefFrameProcW
GrayStringW
GetClipboardFormatNameA

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

015f143498bcc488d80641e30d1cd582

Headers

File Characteristics

PDB Paths

Imports

comdlg32

comctl32

kernel32

user32

Sections

.text Size: 206KB - Virtual size: 205KB

.rdata Size: 15KB - Virtual size: 39KB

.data Size: 91KB - Virtual size: 90KB

.rsrc Size: 22KB - Virtual size: 22KB

.text
Size: 206KB - Virtual size: 205KB

.rdata
Size: 15KB - Virtual size: 39KB

.data
Size: 91KB - Virtual size: 90KB

.rsrc
Size: 22KB - Virtual size: 22KB