Static task: static1
Behavioral task: behavioral1
  Sample: bd0fac5d6d39250da76a956829d2128c.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: bd0fac5d6d39250da76a956829d2128c.exe
  Resource: win10v2004-20240226-en
General
Target: bd0fac5d6d39250da76a956829d2128c
Size: 93KB
MD5: bd0fac5d6d39250da76a956829d2128c
SHA1: 3447072976208c0fc3dd45455818b2cbb09aeefa
SHA256: f0bc7030c4c6b70b57c26fc8ac585087ac722483f4f09cbf5c57b344d0c68618
SHA512: 09a0dc383da5adcdb7126442f90b2ffa70b7ad2e2ab30e0dbddc85a03ec6cd7ccd125b7a3277ad79891f727fced1b18b5dbe9b159e7567ae18b122258ef3d67d
SSDEEP: 1536:HQT1otwLLwwuhfxZF8/TiM1JPMK3pz+ijZcw8xwc5Cxx76FDK:HQGWfwVhf7mrTz+idCT5Cx8FDK
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: bd0fac5d6d39250da76a956829d2128c
Files
bd0fac5d6d39250da76a956829d2128c.exe: windows:5, windows, x86, arch:x86
d12b2ab58dadccf02d9ee183cc4a35aa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
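Both static findings above, the "Unsigned PE" signature and the mitigation picture implied by the DLL and file characteristics, can be reproduced directly from the raw PE headers. The script below is an added example and is not part of the sandbox report or the sandbox's own signature logic. It parses the COFF and optional headers with struct alone, reads the security data directory (index 4) to decide whether an Authenticode signature is embedded, and turns the flag bits into ASLR/DEP/CFG answers. It runs on constructed header-only byte images built by build_minimal_pe (a test helper that produces no sections or code and is not a real executable): one carrying exactly the flag set listed above, one hardened variant for contrast.

```python
import struct

# Flag tables: only the bits this example reports on (values from the PE/COFF spec).
IMAGE_FILE_FLAGS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHAR_FLAGS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot that points at the Authenticode blob


def parse_pe_headers(data: bytes) -> dict:
    """Read the COFF and optional headers of a PE32/PE32+ image from raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _, _, _, _, _opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92
        nrva_off = opt + 92
    elif magic == 0x20B:      # PE32+: wider ImageBase and stack/heap fields push it to +108
        nrva_off = opt + 108
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_characteristics = struct.unpack_from("<H", data, opt + 70)[0]
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    sec_off = sec_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories this entry holds a file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, nrva_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "file_characteristics": [n for b, n in IMAGE_FILE_FLAGS.items() if characteristics & b],
        "dll_characteristics": [n for b, n in DLL_CHAR_FLAGS.items() if dll_characteristics & b],
        "security_dir": (sec_off, sec_size),
    }


def assess_mitigations(data: bytes) -> dict:
    """Turn the raw flag bits into the yes/no answers an analyst wants."""
    hdr = parse_pe_headers(data)
    fc, dc = hdr["file_characteristics"], hdr["dll_characteristics"]
    relocatable = "IMAGE_FILE_RELOCS_STRIPPED" not in fc
    return {
        # Embedded Authenticode only: a catalog-signed file also has an empty security directory.
        "embedded_signature": hdr["security_dir"][1] > 0,
        # ASLR needs both the opt-in bit and a relocation table for the loader to apply it.
        "aslr": "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" in dc and relocatable,
        "dep": "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" in dc,
        "cfg": "IMAGE_DLLCHARACTERISTICS_GUARD_CF" in dc,
        "fixed_image_base": not relocatable,
    }


def build_minimal_pe(characteristics: int, dll_characteristics: int, cert_size: int = 0) -> bytes:
    """Constructed test input: DOS stub, COFF and PE32 optional header only, no sections or code."""
    opt = bytearray(224)                          # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)         # Magic
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)           # NumberOfRvaAndSizes
    if cert_size:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, cert_size)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew at 0x3C -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)


# Constructed image using exactly the flags in the header listing (not the sample's bytes).
SAMPLE_LIKE = build_minimal_pe(0x0001 | 0x0002 | 0x0100, 0x0100 | 0x8000)
# Same image with relocations kept, DYNAMIC_BASE set and a 2 KB certificate entry attached.
HARDENED = build_minimal_pe(0x0002 | 0x0100, 0x0040 | 0x0100 | 0x8000, cert_size=0x800)

if __name__ == "__main__":
    for label, blob in (("sample-like", SAMPLE_LIKE), ("hardened", HARDENED)):
        print(label, assess_mitigations(blob))
```

Two caveats when reading the output against the report. An empty security directory only proves there is no embedded Authenticode signature; a binary signed through a catalog file has the same empty directory, so "Unsigned PE" means "no embedded signature", not "never signed". And for the flags listed above, IMAGE_FILE_RELOCS_STRIPPED together with the absent IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE means the image always loads at its preferred base, so code addresses in .text are fixed across runs even though NX_COMPAT is set.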
Imports
kernel32
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
ReadFile
MultiByteToWideChar
RtlUnwind
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
Sleep
GetModuleHandleW
HeapReAlloc
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
CreateThread
GetCurrentThreadId
ExitThread
HeapAlloc
HeapFree
GetLastError
GetLocaleInfoA
SetFilePointer
ExitProcess
GetProcessHeap
SetEndOfFile
OpenFileMappingA
CloseHandle
GetVersionExA
DeleteCriticalSection
VirtualProtect
GetModuleHandleA
GetModuleFileNameA
CreateFileMappingA
EnterCriticalSection
VirtualAlloc
lstrcmpiA
LeaveCriticalSection
GetSystemWindowsDirectoryA
TerminateThread
InitializeCriticalSection
ExpandEnvironmentStringsA
VirtualFree
GetTickCount
GetFileAttributesExA
WaitForSingleObject
MapViewOfFileEx
lstrcpynA
UnmapViewOfFile
lstrlenA
lstrcmpA
GetProcAddress
LoadLibraryA
gdi32
ModifyWorldTransform
GdiComment
AddFontResourceA
FrameRgn
DeleteEnhMetaFile
FloodFill
Polygon
RemoveFontResourceExW
ExtCreateRegion
FillRgn
PolylineTo
OffsetWindowOrgEx
GetBkColor
CopyEnhMetaFileW
GetCharABCWidthsW
SetTextJustification
GetTextMetricsA
CreateEllipticRgnIndirect
OffsetViewportOrgEx
ole32
CoInitialize
comsvcs
CoCreateActivity
crypt32
CertGetSubjectCertificateFromStore
CryptUnregisterOIDFunction
CryptMsgGetAndVerifySigner
CertSaveStore
CryptRegisterDefaultOIDFunction
CertControlStore
CertAddStoreToCollection
CertDeleteCTLFromStore
CertVerifyCTLUsage
CryptMsgVerifyCountersignatureEncoded
CertResyncCertificateChainEngine
CryptMsgOpenToDecode
CryptDecodeMessage
CertCreateCTLEntryFromCertificateContextProperties
CertRDNValueToStrW
CertDuplicateCTLContext
CryptGetKeyIdentifierProperty
CryptEncryptMessage
CryptMsgCountersign
CertRemoveEnhancedKeyUsageIdentifier
CertFreeCertificateChainEngine
CertEnumSystemStore
CryptVerifyDetachedMessageSignature
CryptMsgGetParam
CryptVerifyMessageHash
CertDuplicateCRLContext
CertSetCertificateContextPropertiesFromCTLEntry
CertAddEncodedCertificateToSystemStoreW
CryptDecryptAndVerifyMessageSignature
CryptVerifyCertificateSignature
CertGetCTLContextProperty
CertEnumCTLsInStore
CertGetCertificateChain
CertGetNameStringA
CertSetCertificateContextProperty
CertGetCRLFromStore
CryptInstallOIDFunctionAddress
CryptImportPublicKeyInfoEx
CertCreateCertificateChainEngine
CertCloseStore
CertEnumCTLContextProperties
CryptUnregisterDefaultOIDFunction
CertCompareCertificate
CertAddCertificateContextToStore
CryptRegisterOIDInfo
CryptSetOIDFunctionValue
CryptMsgCalculateEncodedLength
CertEnumPhysicalStore
CertCompareIntegerBlob
CertFindCertificateInCRL
CryptMsgSignCTL
CertFreeCertificateChain
CryptSetAsyncParam
CertVerifyCRLRevocation
CertSetCRLContextProperty
CertOpenSystemStoreW
CryptHashMessage
CryptMsgDuplicate
CryptRegisterOIDFunction
CryptMemFree
CryptUninstallDefaultContext
CertGetEnhancedKeyUsage
CryptDecodeObjectEx
CryptGetDefaultOIDFunctionAddress
CertFindCRLInStore
CertOpenStore
CryptFindLocalizedName
CryptSignMessage
CryptEnumOIDFunction
CertAddEnhancedKeyUsageIdentifier
CertAddEncodedCertificateToStore
CertGetValidUsages
CryptSignCertificate
CertVerifyValidityNesting
CryptFreeOIDFunctionAddress
CryptQueryObject
CertRDNValueToStrA
CertAlgIdToOID
CertNameToStrW
CertVerifyCRLTimeValidity
CryptCreateAsyncHandle
PFXExportCertStoreEx
CertDeleteCertificateFromStore
CertGetIssuerCertificateFromStore
CryptMsgClose
CryptMsgCountersignEncoded
CertDeleteCRLFromStore
CertIsRDNAttrsInCertificateName
CryptFormatObject
PFXExportCertStore
CryptMsgControl
CryptExportPublicKeyInfo
CertFindSubjectInSortedCTL
CryptGetMessageCertificates
CryptMsgVerifyCountersignatureEncodedEx
CertOpenSystemStoreA
CertCreateCertificateContext
CryptExportPKCS8
CryptFindOIDInfo
CryptSetKeyIdentifierProperty
CertSetEnhancedKeyUsage
CertCompareCertificateName
CryptEncodeObject
msi
ord174
ord228
msimg32
GradientFill
comctl32
ord5
ord6
ord337
ImageList_Destroy
ImageList_DrawIndirect
ord327
ImageList_Read
ImageList_SetIconSize
ImageList_DragEnter
FlatSB_GetScrollProp
ImageList_AddMasked
FlatSB_ShowScrollBar
ord2
FlatSB_SetScrollRange
ord321
ord3
FlatSB_GetScrollPos
ord320
ImageList_GetImageCount
UninitializeFlatSB
ord13
ord334
PropertySheetA
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
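The section table above is the clean layout a compiler emits: code is read/execute, .rdata read-only, .data read/write, and .data's virtual size exceeds its raw size only because the zero-initialised tail is not stored on disk. The script below is an added example, not part of the report, that parses IMAGE_SECTION_HEADER entries and flags the two things an analyst checks first in this listing: a section that is both writable and executable, and an executable section with no bytes on disk (a packer's unpacking destination). The section tables it runs on are constructed with pack_section (a test helper with placeholder addresses): one mirroring the three sections above, one shaped like a packed binary for contrast; the ".pack0" name is invented for the example.

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_HEADER = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
KB = 1024


def pack_section(name: str, virtual_size: int, raw_size: int, flags: int) -> bytes:
    """Constructed section header for testing; VirtualAddress/PointerToRawData are placeholders."""
    return struct.pack(SECTION_HEADER, name.encode().ljust(8, b"\0"),
                       virtual_size, 0x1000, raw_size, 0x400, 0, 0, 0, 0, flags)


def parse_section_table(table: bytes, count: int) -> list:
    """Decode `count` consecutive section headers starting at the beginning of `table`."""
    out = []
    for i in range(count):
        name, vsize, _vaddr, rsize, *_rest, flags = struct.unpack_from(SECTION_HEADER, table, i * 40)
        out.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                    "virtual_size": vsize, "raw_size": rsize, "flags": flags})
    return out


def perms(flags: int) -> str:
    """Render the MEM_* bits as an rwx triple, e.g. 'R-X'."""
    return (("R" if flags & IMAGE_SCN_MEM_READ else "-")
            + ("W" if flags & IMAGE_SCN_MEM_WRITE else "-")
            + ("X" if flags & IMAGE_SCN_MEM_EXECUTE else "-"))


def section_findings(sections: list) -> list:
    """Return one string per suspicious section; an empty list means a conventional layout."""
    findings = []
    for s in sections:
        p = perms(s["flags"])
        if "W" in p and "X" in p:
            findings.append(f"{s['name']}: {p} (writable and executable)")
        if "X" in p and s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append(f"{s['name']}: executable but empty on disk (filled at runtime)")
    return findings


# Constructed table mirroring the three sections in the report's listing.
PAGE_SECTIONS = (
    pack_section(".text", 61 * KB, 61 * KB,
                 IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    + pack_section(".rdata", 16 * KB, 16 * KB,
                   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)
    + pack_section(".data", 21 * KB, 14 * KB,
                   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
)
# Constructed contrast: a packer-style section that is RWX and has no raw bytes on disk.
PACKED_LIKE = pack_section(".pack0", 128 * KB, 0,
                           IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE
                           | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)

if __name__ == "__main__":
    for s in parse_section_table(PAGE_SECTIONS, 3):
        print(f"{s['name']:<8} {perms(s['flags'])} raw={s['raw_size']} virtual={s['virtual_size']}")
    print("findings (report layout):", section_findings(parse_section_table(PAGE_SECTIONS, 3)))
    print("findings (packed-like):", section_findings(parse_section_table(PACKED_LIKE, 1)))
```

A virtual size larger than the raw size is not by itself a packing indicator; .data above shows 21KB virtual against 14KB on disk and is simply carrying uninitialised data. The combination that warrants a closer look is an executable section with zero raw bytes, or any section mapped writable and executable at the same time.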