bdef8159ca1e00f574162148f12b012d

Sharing

Copy URL

Twitter E-mail

General

Target

bdef8159ca1e00f574162148f12b012d
Size

236KB
MD5

bdef8159ca1e00f574162148f12b012d
SHA1

1bc5520748fda174a2d41456dfadb899a0fe12c3
SHA256

17c23780f52a5c9d4d9cd6e34d0fd9f2a62a4dc7397457a8a42133e7d82aabf1
SHA512

6be1d36fc7a519317e69110590ccf347b911ee510d8ef96bf0aa24db12e0a355bf090310ea172004c6862279d977dab189cfd163f524144d48162885d886618d
SSDEEP

6144:8qQm3OeNk2lOFvPSBV6dMgcTz5uh0PD3QIUmrkUNZ2K:8qbOeN9OFvPYPgOX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bdef8159ca1e00f574162148f12b012d

Files

bdef8159ca1e00f574162148f12b012d
.exe windows:4 windows x86 arch:x86

de9e225735ce986f0e0ee680d1f1c077

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_strdup
_itoa
_wcsicmp
_stricmp
_strnicmp
_wcsupr
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
isalpha
islower
isupper
isalnum
_strrev
swprintf
_iob
putc
_ultoa
_endthreadex
_beginthreadex
sscanf
toupper
isdigit
strchr
_local_unwind2
strrchr
printf
time
__CxxFrameHandler
exit
fgets
strncmp
wcscmp
strstr
_ftol
rand
wcslen
wcsncpy
wcsncmp
wcscpy
fseek
ftell
malloc
fread
free
fwrite
strncpy
strtok
atoi
srand
wcscat
getenv
_snprintf
sprintf
_except_handler3
fopen
vsprintf
fprintf
fclose
??3@YAXPAX@Z
??2@YAPAXI@Z

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

advapi32

GetSidSubAuthority
LookupAccountSidW
ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
DeleteService
AllocateAndInitializeSid
FreeSid
OpenServiceA
RegCreateKeyExA
GetUserNameA
InitiateSystemShutdownW
OpenSCManagerW
EnumServicesStatusW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2W
CloseServiceHandle
StartServiceCtrlDispatcherW
LsaOpenPolicy
LsaAddAccountRights
LsaRemoveAccountRights
LookupAccountNameW
GetUserNameW
LsaClose

mpr

WNetCancelConnectionW
WNetAddConnection2W

netapi32

NetUserEnum
NetUserGetInfo
NetShareAdd
NetServerDiskEnum
NetApiBufferFree

shell32

ShellExecuteA

user32

wsprintfA
wsprintfW

wininet

InternetOpenW
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

ws2_32

send
select
closesocket
WSACleanup
connect
ioctlsocket
socket
htons
inet_addr
__WSAFDIsSet
shutdown
gethostbyaddr
inet_ntoa
gethostbyname
getsockname
sendto
htonl
setsockopt
WSASocketW
WSAStartup
recv

kernel32

DeleteFileW
CopyFileW
Sleep
ExitProcess
SetLastError
MultiByteToWideChar
lstrlenW
HeapAlloc
GetLastError
HeapReAlloc
GetProcessHeap
HeapFree
GetModuleHandleW
GetModuleFileNameA
GetCurrentProcessId
SetCurrentDirectoryW
CreateFileA
GlobalMemoryStatus
GetTimeFormatA
GetDateFormatA
GetSystemDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
ExitThread
lstrcmpiA
SetErrorMode
GetExitCodeProcess
PeekNamedPipe
CreatePipe
SearchPathA
SetFileTime
GetSystemDirectoryW
GetTempPathW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
GetTickCount
GetCurrentThreadId
ReleaseMutex
CreateMutexW
DeleteFileA
CloseHandle
WaitForSingleObject
OpenProcess
GetCurrentProcess
SetPriorityClass
GetWindowsDirectoryW
MoveFileW
ReadFile
GetFileSize
CreateFileW
DuplicateHandle
VirtualAlloc
VirtualFree
CompareStringW
LoadLibraryA
GetVersionExW
GetDiskFreeSpaceExW
GetLocaleInfoA
TerminateProcess
GetTempPathA
Process32NextW
Process32FirstW
GetComputerNameA
CreateToolhelp32Snapshot
TerminateThread
CreateThread
CreateProcessA
WriteFile
GetFileTime
GetWindowsDirectoryA
SystemTimeToFileTime
GetSystemTimeAsFileTime
SizeofResource
LockResource
LoadResource
FindResourceW
InitializeCriticalSection
GetStartupInfoA
GetModuleHandleA
CopyFileA
WideCharToMultiByte
MoveFileA
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateSemaphoreW
ResetEvent
CreateEventW

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 11.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de9e225735ce986f0e0ee680d1f1c077

Headers

File Characteristics

Imports

msvcrt

msvcp60

advapi32

mpr

netapi32

shell32

user32

wininet

ws2_32

kernel32

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 28KB - Virtual size: 11.5MB

.rsrc Size: 108KB - Virtual size: 105KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 28KB - Virtual size: 11.5MB

.rsrc
Size: 108KB - Virtual size: 105KB