bc1346bb212d8fafe93f70c994f48322

Sharing

Copy URL

Twitter E-mail

General

Target

bc1346bb212d8fafe93f70c994f48322
Size

228KB
MD5

bc1346bb212d8fafe93f70c994f48322
SHA1

50507decc5cfc0a27e5bb291515237559447375b
SHA256

71584e6f2a5a5aa196b61cb845cbb0a4b498137639617a3d96b4978dc837dc66
SHA512

1eee36edaa861957eac9ddfaad7bea41df6a10ca900d462556727c17409ff21fbd3cf81ec30adb76b0e4b51027214b9f66c0e345d1271143c411f0d846f32468
SSDEEP

3072:2Sm5IMCDwYIZeenqa91ffj+dHZhW2zL4qL0BUiYAWnuvVjVcSqRvTlbR:2Sm5wwYIZe+fHinPzL4qgvYA7RVcSwRR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc1346bb212d8fafe93f70c994f48322

Files

bc1346bb212d8fafe93f70c994f48322
.exe windows:4 windows x86 arch:x86

4edd50a0dd27eed23803fb339d368dd5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Downloads\Sira\WildMedia\WinFetcher\Release\WinFetcher.pdb

Imports

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

kernel32

InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetModuleFileNameA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
WaitForSingleObject
GetLastError
GetProcessHeap
WideCharToMultiByte
HeapFree
lstrlenA
HeapAlloc
DeleteFileA
HeapReAlloc
InterlockedDecrement
SetFileAttributesA
CopyFileA
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
Sleep
CloseHandle
WriteFile
CreateFileA
GetTempPathA
LeaveCriticalSection
WinExec
GetVersion
lstrcmpiA
GetCurrentThreadId
CreateThread
CreateEventA
lstrcpynA
lstrcpyA
lstrcatA
InterlockedIncrement
SetEvent
IsDBCSLeadByte
LoadLibraryExA
GetModuleHandleA
GetCommandLineA
TlsFree
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCurrentProcess
RemoveDirectoryA
GetSystemTimeAsFileTime
RtlUnwind
EnterCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
TlsSetValue
TlsGetValue
LCMapStringA
LCMapStringW
lstrlenW
ExitProcess
LocalFree
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
ReadFile
SetEndOfFile
FlushFileBuffers
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetUnhandledExceptionFilter
SetFilePointer
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
IsBadReadPtr
IsBadCodePtr

user32

PostThreadMessageA
GetMessageA
DispatchMessageA
TranslateMessage
CharNextA
CharUpperA
SetTimer
wsprintfA

comdlg32

GetFileTitleA

advapi32

RegCreateKeyA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetMalloc
ShellExecuteA
SHGetDesktopFolder
SHGetPathFromIDListA

ole32

CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoRegisterClassObject
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoRevokeClassObject

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocStringLen
VariantClear
VariantInit
VariantCopy
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo

shlwapi

PathFileExistsA
PathFindExtensionA

ws2_32

WSASocketA
closesocket
WSAStartup
WSACreateEvent
WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSAConnect
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4edd50a0dd27eed23803fb339d368dd5

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 664B

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 664B