bcd92bd39e73ef8d429a48af4f6e5ee1

Sharing

Copy URL Twitter E-mail

General

Target

bcd92bd39e73ef8d429a48af4f6e5ee1
Size

124KB
MD5

bcd92bd39e73ef8d429a48af4f6e5ee1
SHA1

b22633e95b3013995e3233d8ea307a635390782d
SHA256

52046ced51953108ca61082728952786a0bb08f99eb82c735eeec0c0793921b5
SHA512

1f52fd482a52512068ce068fa4d8998a9e75525345f1dc96508b5278397c9b1c5e07c3f22fbc89ea264ef28ad376644ddedafee5f6f6c7018435b29d216ccbb2
SSDEEP

3072:/x3hR+XVkP1SCPPufoV5QdL3qEWYRj948er:/xRR+XeP1SCPPpOqaT7e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcd92bd39e73ef8d429a48af4f6e5ee1

Files

bcd92bd39e73ef8d429a48af4f6e5ee1
.exe windows:5 windows x86 arch:x86

b32626e5d5583101655d03ec988ed3c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\climb\Connect\piece\ExperienceExercise.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
GetFileType
HeapCreate
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
RtlUnwind
HeapSize
LoadLibraryW
ExitProcess
GetTimeZoneInformation
WideCharToMultiByte
HeapFree
HeapAlloc
GetProcAddress
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
DecodePointer
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
GetStartupInfoW
SetEnvironmentVariableA
HeapSetInformation
GetCommandLineA
GetTimeFormatA
CompareStringW
GetSystemTime
CloseHandle
GetVersionExA
DeleteCriticalSection
VirtualProtect
GetModuleHandleA
ResetEvent
VirtualProtectEx
CopyFileA
VirtualAlloc
GetLastError
GetStartupInfoA
CreateDirectoryA
GetSystemDirectoryA
CreateProcessA
Sleep
GetVolumeInformationA
OpenProcess
WriteFile
GetDateFormatA
VirtualFree
GetTickCount
QueryPerformanceCounter
LoadResource
SetEndOfFile
FindResourceA
GetFileSize
CreateFileA

user32

InsertMenuItemA
GetDlgItemInt
GetClassNameA
SetCursor
LoadImageA
GetClassInfoExA
CallNextHookEx
IsWindowEnabled
DrawIcon
EnumWindows
GetDC
SetDlgItemInt
GetWindowTextA
GetAsyncKeyState
CheckMenuRadioItem
GetMessagePos
FindWindowA
UpdateWindow
DispatchMessageA
ShowWindow
EnumChildWindows
DefWindowProcA
ReleaseDC
GetWindowLongA

gdi32

TextOutA
StartPage
CreateFontIndirectA
Rectangle
StartDocA
Escape
ExtTextOutA
RestoreDC

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA
EnumPrintersA
GetPrinterA

comctl32

ImageList_GetImageCount
ImageList_Create
ImageList_EndDrag
ImageList_GetDragImage

comdlg32

GetOpenFileNameA
GetSaveFileNameA
ChooseColorA
GetFileTitleA

ole32

CoRevokeClassObject
CoInitialize
OleInitialize
OleSetContainedObject
CoUninitialize
OleUninitialize

ws2_32

gethostname
WSAStartup
WSAConnect
getsockname
shutdown
WSASocketA
gethostbyname
WSACreateEvent
socket
WSACleanup
sendto
setsockopt

wininet

InternetCanonicalizeUrlA
HttpQueryInfoA
InternetOpenUrlA
InternetConnectA
InternetQueryDataAvailable
InternetWriteFile
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetOpenA

shlwapi

PathFindNextComponentA
PathFindFileNameA
PathIsFileSpecA

advapi32

InitializeSecurityDescriptor
RegSetValueExA
RegisterServiceCtrlHandlerA
RegQueryValueExA
RegDeleteKeyA
OpenServiceA
OpenProcessToken
StartServiceCtrlDispatcherA
DeleteService
OpenThreadToken
SetEntriesInAclA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
FreeSid
OpenSCManagerA
AllocateAndInitializeSid
QueryServiceStatus
RegOpenKeyExA
RegCreateKeyExA
LookupPrivilegeValueA
GetTokenInformation

winmm

mciGetErrorStringA
timeBeginPeriod
mciSendCommandA
timeEndPeriod

crypt32

CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertAddCertificateContextToStore
CertCloseStore
CertGetCertificateChain
CertCreateSelfSignCertificate
CertCreateCertificateContext
CertDeleteCertificateFromStore
CertAddEncodedCertificateToStore
CertFreeCertificateChain
CryptHashCertificate

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b32626e5d5583101655d03ec988ed3c6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

comctl32

comdlg32

ole32

ws2_32

wininet

shlwapi

advapi32

winmm

crypt32

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 4KB - Virtual size: 41KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 4KB - Virtual size: 41KB

.rsrc
Size: 1KB - Virtual size: 1KB