bebbbd386e3064816be6260a04944a0f

Sharing

Copy URL Twitter E-mail

General

Target

bebbbd386e3064816be6260a04944a0f
Size

31KB
MD5

bebbbd386e3064816be6260a04944a0f
SHA1

c734b5bb1a63e2c8b2a8f19b2d5611b6f5593fa0
SHA256

bdceed7143d65ed77974a2caea7a587e4d62c5f01d62d172eab006673dfd5762
SHA512

c8c6e7499df5704aa42c608445dcb89e16aaccfad0a83f0d0056b2abce76693913c0cf0b648bf9276c91d17345cd9f266fbb0e3f570143cadff01e9c1176894c
SSDEEP

768:dj2uDf/zNjbA0UdYC6v2WDU3+25Ih95FijnvbADe+Hru:suDfVAPr6v2We+26DXijnIH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bebbbd386e3064816be6260a04944a0f

Files

bebbbd386e3064816be6260a04944a0f
.exe windows:4 windows x86 arch:x86

c4c232de83415a3f9666ac48ab19cc8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rpcrt4

NDRSContextMarshall
MesHandleFree
MesIncrementalHandleReset
MesBufferHandleReset
CreateStubFromTypeInfo
NdrConformantStructBufferSize
DceErrorInqTextW
MesEncodeFixedBufferHandleCreate
MesInqProcEncodingId
MesDecodeIncrementalHandleCreate
NdrAsyncClientCall
NdrByteCountPointerFree
NDRCContextBinding
NdrClientInitialize
NDRSContextMarshallEx
DllRegisterServer
NdrAllocate
NdrByteCountPointerBufferSize
NdrAsyncServerCall
DllGetClassObject
NdrByteCountPointerUnmarshall
NDRCContextMarshall
CStdStubBuffer_CountRefs
NDRcopy

oleaut32

VariantCopy
SafeArrayPtrOfIndex
SetErrorInfo
SafeArrayCreate
SafeArrayGetElement
SysStringByteLen
GetActiveObject
SysStringLen
VariantInit
SysFreeString
SafeArrayPutElement
CreateErrorInfo
RegisterTypeLib
SafeArrayGetLBound
VariantClear
VariantChangeTypeEx
SafeArrayGetUBound
VariantCopyInd
OleLoadPicture
SysReAllocStringLen
GetErrorInfo
SafeArrayUnaccessData
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLibEx
SafeArrayAccessData

gdi32

MoveToEx
SetTextColor
SelectClipRgn
LineTo
BitBlt
SelectObject
RestoreDC
CreatePen
CreateDIBitmap
CreateRectRgn
RealizePalette
GetStockObject
CreateSolidBrush
UnrealizeObject
ExtTextOutA
GetObjectA
SaveDC
GetTextExtentPointA
GetSystemPaletteEntries
CreateFontIndirectA
CreatePalette
CreateCompatibleDC
DeleteDC
DeleteObject
GetDeviceCaps
GetTextMetricsA
SetBkColor
SelectPalette

user32

MessageBoxW
GetSysColor
SetWindowLongA
InvalidateRect
GetDlgItem
EnableWindow
GetWindowRect
SetWindowLongW
SendMessageA
BeginPaint
GetDesktopWindow
CharNextA
IsWindow
GetSystemMetrics
EndPaint
CharNextW
EndDialog
SetCursor
DestroyWindow
GetDC
wsprintfW
PostQuitMessage
LoadStringW
GetClientRect
GetWindowLongW
DefWindowProcA
SetFocus
MessageBoxA
SetTimer
PostMessageW
SendMessageW
SetWindowPos
GetParent
wsprintfA
ShowWindow
CreateWindowExA
KillTimer
LoadStringA
TranslateMessage

kernel32

OpenProcess
VirtualFree
CreateMutexW
LoadResource
CreateFileMappingA
GetCurrentProcess
IsDBCSLeadByte
GetTempPathA
LockResource
CreateFileMappingW
FindNextFileA
MulDiv
CreateDirectoryA
GetFullPathNameW
SizeofResource
ExitProcess
DeviceIoControl
AddAtomW
VirtualAlloc
SetFileAttributesA
GetCurrentDirectoryW
GetWindowsDirectoryW
GetComputerNameW
OutputDebugStringW
IsValidCodePage
lstrcatW
RemoveDirectoryW
ResumeThread
FileTimeToLocalFileTime
GetLastError
GetCommandLineW
RaiseException
FindResourceA
CloseHandle
CreateProcessW
IsBadCodePtr
LoadLibraryExA
ReleaseSemaphore
CreateMutexA
ExpandEnvironmentStringsA
CopyFileW
WriteConsoleW

shell32

SHChangeNotifyRegister
DragAcceptFiles
DAD_DragLeave
IsNetDrive
SHILCreateFromPath
DllUnregisterServer
SHChangeNotifyDeregister
DllGetVersion
Shell_MergeMenus
DragFinish
SHDefExtractIconW
PathQualify
DllInstall
Shell_GetImageLists
PathResolve
DllRegisterServer
DllGetClassObject
DllCanUnloadNow
DriveType
DAD_DragMove
IsLFNDrive
PickIconDlg
GetFileNameFromBrowse
RestartDialog
SHStartNetConnectionDialogW
SHCoCreateInstance
DAD_DragEnterEx
Shell_GetCachedImageIndex
PifMgr_OpenProperties
SHGetSetSettings

advapi32

FreeSid
RegCreateKeyExA
RegEnumKeyExW
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyW
GetTokenInformation
RegDeleteKeyW
RegEnumValueW
OpenProcessToken
RegDeleteValueA
RegQueryValueExW
AllocateAndInitializeSid
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExA
CloseServiceHandle
InitializeSecurityDescriptor
OpenThreadToken
RegSetValueExW
RegQueryValueExA

Sections

.textbss
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.debug
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c4c232de83415a3f9666ac48ab19cc8a

Headers

File Characteristics

Imports

rpcrt4

oleaut32

gdi32

user32

kernel32

shell32

advapi32

Sections

.textbss Size: - Virtual size: 48KB

.rdata Size: 2KB - Virtual size: 2KB

.idata Size: 18KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 2KB

.text Size: 512B - Virtual size: 470B

.debug Size: 2KB - Virtual size: 1KB

.textbss
Size: - Virtual size: 48KB

.rdata
Size: 2KB - Virtual size: 2KB

.idata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 2KB

.text
Size: 512B - Virtual size: 470B

.debug
Size: 2KB - Virtual size: 1KB