bcaa687c6ca84d7f7b23a2200991eb9a

Sharing

Copy URL Twitter E-mail

General

Target

bcaa687c6ca84d7f7b23a2200991eb9a
Size

48KB
MD5

bcaa687c6ca84d7f7b23a2200991eb9a
SHA1

26d1db6f5bf06714eb20b3583013f5bc857daea0
SHA256

7ddb239420e31e5e69c986dab00cc73735888790181b842ac6b6b0d9e57839bd
SHA512

5bbb96c63f7b9f211b744e8d7eeb08642f6fcd3954ae24087dfe08fb076651abf171ff752984a0f5ec43bdc73f43ef624823d0642ae2ef1b70eaf35aca3e8401
SSDEEP

768:WIGBMZNdziELBV7EM5BsMPcdMiQc4/M5GQBJl:W7GViELXBs0i+Ugi3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcaa687c6ca84d7f7b23a2200991eb9a

Files

bcaa687c6ca84d7f7b23a2200991eb9a
.exe windows:4 windows x86 arch:x86

3de7c8df1092db1e74de057d63502c1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
CreateEventA
CreateMutexA
InitializeCriticalSection
RegisterServiceProcess
GetCurrentProcessId
LocalFree
OpenMutexA
Sleep
WaitForSingleObject
SetEvent
ReleaseMutex
WriteProfileStringA
lstrcatA
lstrcpyA
EnterCriticalSection
IsBadReadPtr
GetProcAddress
LoadLibraryA
GetProfileStringA
SetFilePointer
SetStdHandle
FlushFileBuffers
HeapAlloc
HeapFree
WriteFile
HeapCreate
GetStdHandle
GetFileType
SetHandleCount
lstrcmpiA
CloseHandle
LeaveCriticalSection
CreateThread
lstrcmpA
FreeLibrary
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsA
GetEnvironmentStrings
UnhandledExceptionFilter
RtlUnwind
GetModuleFileNameA
GetVersion
GetCPInfo
GetOEMCP
ExitProcess
GetStartupInfoA
GetModuleHandleA
GetLastError
GetCommandLineA

user32

CreateWindowExA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowLongA
RegisterSystemThread
RegisterClassA
PostQuitMessage
DestroyWindow
DefWindowProcA

gdi32

ord104

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA

spoolss

ReadPrinter
EnumPrintProcessorDatatypesA
GetPrintProcessorDirectoryA
EnumPrintProcessorsA
AddPrintProcessorA
ScheduleJob
DeletePrinterDriverA
GetPrinterDriverDirectoryA
GetPrinterDriverA
EnumPrinterDriversA
AddPrinterDriverA
GetPrinterA
SetPrinterA
DeletePrinterConnectionA
AddPrinterConnectionA
WaitForPrinterChange
SetPrinterDataA
GetPrinterDataA
GetJobA
SetJobA
EnumPrintersA
CallVSpoolerSignal
EndDocPrinter
EndPagePrinter
WritePrinter
StartPagePrinter
StartDocPrinterA
OpenPrinterA
ChangeDefaultPrinter
ShutDownSpoolss
CheckNetAvailability
PrintShadowJobs
RespondToConfigChange
CheckNotSplSem
InitializeRouter
EnumPortsA
EnumJobsA
AddMonitorA
ConfigurePortA
PrinterMessageBoxA
AddPrintProvidorA
DeleteMonitorA
DeletePrintProcessorA
AbortPrinter
DeletePrintProvidorA
DeletePortA
DeletePrinter
ClosePrinter
AddPrinterA
AddPortA
EnumMonitorsA
AddJobA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3de7c8df1092db1e74de057d63502c1e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

spoolss

Sections

.text Size: 16KB - Virtual size: 12KB

.data Size: 12KB - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 944B

.reloc Size: 8KB - Virtual size: 20KB

.text
Size: 16KB - Virtual size: 12KB

.data
Size: 12KB - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 944B

.reloc
Size: 8KB - Virtual size: 20KB