bbcd421ab07f88d38f94a5c1f0ad94bf

Sharing

Copy URL Twitter E-mail

General

Target

bbcd421ab07f88d38f94a5c1f0ad94bf
Size

59KB
MD5

bbcd421ab07f88d38f94a5c1f0ad94bf
SHA1

a1b7d3a12876b6f7cd33593ccd97e379f462446f
SHA256

34cc9e41457ace8916ac120c8fdce7f7f16280919ad40a1c5715dd35f1b63479
SHA512

0f81d1238c3bcd2ccba1f28ac648ce590231f62fb253a0b29ce21b20f2776dc8d8d9a5b64d060ad71dedf46873042ee6183820dd928c5a124f45468c7beb1729
SSDEEP

1536:+vKv4N5U3SaifK3CbRT1crErMp4kxa0OcoYVAXD+BTWNJkG:YKo5R9BvNk3Oc5gWSZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bbcd421ab07f88d38f94a5c1f0ad94bf

Files

bbcd421ab07f88d38f94a5c1f0ad94bf
.exe windows:5 windows x86 arch:x86

a48ae4beb1eb2a740c142de526a84955

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

I_NetLogonSamLogoff
NetShareAdd
RxNetAccessSetInfo
NetpDbgPrint
NetConfigSet
NetApiBufferAllocate
NetUseDel
I_NetDfsIsThisADomainName
NetpInitFtinfoContext
DsDeregisterDnsHostRecordsW
NetUserSetInfo
NetServerTransportEnum
I_NetlogonComputeClientDigest
NetGroupGetUsers
RxNetServerEnum
NetpIsUncComputerNameValid
NetQueryDisplayInformation
NetDfsMove
RxNetUserPasswordSet
I_NetServerSetServiceBits
I_NetServerAuthenticate3
NetDfsRename
DsGetDcNameA
NetLocalGroupSetMembers
DsGetDcNextW
NetReplImportDirDel
I_NetLogonSamLogonWithFlags
DsRoleServerSaveStateForUpgrade

kernel32

ReadConsoleInputExA
GetPrivateProfileSectionNamesW
GetSystemDefaultLangID
GetSystemPowerStatus
InitializeCriticalSectionAndSpinCount
lstrcpyW
LoadLibraryA
WaitNamedPipeW
LocalLock
DosDateTimeToFileTime
SetDefaultCommConfigA
HeapCreate
GetCurrencyFormatW
LCMapStringA
TlsSetValue
GetConsoleCursorMode
VirtualAlloc
SetHandleContext
FormatMessageA
DeleteAtom
GlobalGetAtomNameW
CreateHardLinkW
CreateJobSet
CreateProcessInternalA
GetProcessShutdownParameters
GetDriveTypeW
LocalCompact
NlsGetCacheUpdateCount

msvcirt

?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
??_8ostream_withassign@@7B@
??_Dostream_withassign@@QAEXXZ
?ebuf@streambuf@@IBEPADXZ
??_Eiostream@@UAEPAXI@Z
??1strstream@@UAE@XZ
??_7ostream@@6B@
??5istream@@QAEAAV0@AAH@Z
??5istream@@QAEAAV0@AAE@Z
?bitalloc@ios@@SAJXZ
??_Gstdiobuf@@UAEPAXI@Z
?flags@ios@@QAEJJ@Z
??5istream@@QAEAAV0@AAJ@Z
??1ostream@@UAE@XZ
?good@ios@@QBEHXZ
?pcount@ostrstream@@QBEHXZ
?sync@stdiobuf@@UAEHXZ
?tie@ios@@QBEPAVostream@@XZ
??0fstream@@QAE@ABV0@@Z
??0stdiostream@@QAE@ABV0@@Z
??_Gistream_withassign@@UAEPAXI@Z
?width@ios@@QBEHXZ
?get@istream@@QAEAAV1@AAC@Z
?setmode@filebuf@@QAEHH@Z
??4ios@@IAEAAV0@ABV0@@Z
?open@filebuf@@QAEPAV1@PBDHH@Z
?precision@ios@@QBEHXZ
?sh_write@filebuf@@2HB
?gbump@streambuf@@IAEXH@Z

query

?IsWaitingForDocument@CFilterDaemon@@QAEHXZ
?Commit@CRcovStrmWriteTrans@@QAEXXZ
?SetI4@CStorageVariant@@QAEXJI@Z
??1CSynRestriction@@QAE@XZ
?Marshall@CFullPropSpec@@QBEXAAVPSerStream@@@Z
?GetLPSTR@CAllocStorageVariant@@QBEPADI@Z
CIRestrictionToFullTree
?AddArg@CEventItem@@QAEXK@Z
CiSvcMain
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KAAUtagPROPVARIANT@@PAEPAI@Z
?InitializeForRead@CDynStream@@QAEXXZ
?SaCreateAndCopy@@YGHAAVPMemoryAllocator@@PAUtagSAFEARRAY@@PAPAU2@@Z
??0CDbContentRestriction@@QAE@PBGABVCDbColumnNode@@KK@Z
?MakeBackupCopy@CPhysStorage@@QAEXAAV1@AAVPSaveProgressTracker@@@Z
?GetI4@CAllocStorageVariant@@QBEJI@Z
?SetPath@CScopeAdmin@@QAEXPBG@Z
?AddArg@CEventItem@@QAEXPBG@Z
?AddDir@CCatState@@QAEXAAV?$XPtrST@G@@@Z
??0CMmStream@@QAE@KH@Z
?GetFileName@CPathParser@@QBEHPAGAAK@Z

msvcp60

??_D?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?max@?$numeric_limits@_N@std@@SA_NXZ
??_7?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@
?do_toupper@?$ctype@G@std@@MBEPBGPAGPBG@Z
??_7?$ctype@G@std@@6B@
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
?id@?$collate@D@std@@2V0locale@2@A
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGHG@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Timevec@std@@QAE@XZ
?real@std@@YANABV?$complex@N@1@@Z
?infinity@?$numeric_limits@K@std@@SAKXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??0locale@std@@QAE@PBDH@Z
??Kstd@@YA?AV?$complex@O@0@ABV10@ABO@Z
??_7messages_base@std@@6B@
?in@?$codecvt@GDH@std@@QBEHAAHPBD1AAPBDPAG3AAPAG@Z
??4?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??_F?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??Ostd@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z

dhcpsapi

DhcpServerQueryAttribute
DhcpModifyClass
DhcpAddSubnetElement
DhcpServerQueryAttributes
DhcpDeleteSubnet
DhcpRemoveOptionValue
DhcpCreateOptionV5
DhcpEnumServers
DhcpGetMibInfo
DhcpAddMScopeElement
DhcpServerGetConfigV4
DhcpServerGetConfig
DhcpServerBackupDatabase
DhcpAddServer
DhcpCreateSubnet
DhcpEnumSubnetElementsV5
DhcpRemoveSubnetElement
DhcpEnumOptions
DhcpAddSubnetElementV4
DhcpSetMScopeInfo

iphlpapi

GetTcpStatisticsEx
CreateIpNetEntry
IcmpCloseHandle
IcmpSendEcho
InternalSetIpForwardEntry
_PfAddFiltersToInterface@24
GetAdaptersInfo
_PfUnBindInterface@4
SetIpStatistics
GetIpStatisticsEx
CreateIpForwardEntry
GetAdaptersAddresses
NotifyRouteChange
GetNumberOfInterfaces
_PfTestPacket@20
DeleteIPAddress
NotifyAddrChange
InternalGetIpNetTable
NhGetInterfaceNameFromDeviceGuid
GetIfTable
SetIfEntry
_PfMakeLog@4
InternalCreateIpNetEntry
_PfGetInterfaceStatistics@16

msvcrt

_mbsnicmp
_ismbcdigit
remove
scanf
__p__wpgmptr
ftell
_endthreadex
__set_app_type
__p___initenv
_flsbuf
__crtCompareStringW
_spawnve
_sopen
__unDNameEx
_fstat64
iswalpha
??0exception@@QAE@ABQBD@Z
_dup
__getmainargs
_mbsncmp
__p__commode
_stat64
iswspace
_nextafter
_mbctolower
_beginthread
atan2
_safe_fprem1
_CIpow
_fpreset

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a48ae4beb1eb2a740c142de526a84955

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

kernel32

msvcirt

query

msvcp60

dhcpsapi

iphlpapi

msvcrt

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 19KB - Virtual size: 57KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 176B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 19KB - Virtual size: 57KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 176B