bf0ac15644ee82d84255f769bd9cf600

Sharing

Copy URL Twitter E-mail

General

Target

bf0ac15644ee82d84255f769bd9cf600
Size

48KB
MD5

bf0ac15644ee82d84255f769bd9cf600
SHA1

9ff555da418895752599b3e698ca8d5b635059e2
SHA256

06ef8f2d42e27d51fa6ed717be4667d69684d5002fc2e8791e02ff4578c2741e
SHA512

25f880485ef70ea58b6c3179f7ddf8891fa7c83ec61256175cd399b69c6e260d49352e8c1cf38affc06623c82cbe3bcf7b3aada40b0b38fa9be7112035575f8e
SSDEEP

768:REAcgJhcFaDzI51OaoH8/jKqcS2GnYNydUO9Jzs3O2Ue2bk9P+pX:3cg7cFaDzI51OhUgKbzs3O2cX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf0ac15644ee82d84255f769bd9cf600

Files

bf0ac15644ee82d84255f769bd9cf600
.exe windows:4 windows x86 arch:x86

450e01225c1381471e12a9527e3fc984

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CreateStreamOnHGlobal
CoTaskMemFree

kernel32

GetWindowsDirectoryA
DeleteFileA
ExitProcess
CloseHandle
CompareStringA
lstrlenW
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteFile
WinExec
WideCharToMultiByte
UnmapViewOfFile
TerminateProcess
SuspendThread
Sleep
SetFilePointer
SetEvent
RtlMoveMemory
ResumeThread
CopyFileA
CreateDirectoryA
CreateFileA
CreateFileMappingA
CreateThread
RemoveDirectoryA
ReadFile
Process32Next
Process32First
OpenProcess
MultiByteToWideChar
MoveFileA
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryA
GlobalMemoryStatus
GlobalFree
GlobalAlloc
FileTimeToLocalFileTime
GetVolumeInformationA
GetVersionExA
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoA
GetLocalTime
GetFileSize
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceA
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetComputerNameA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToSystemTime
CreateToolhelp32Snapshot

user32

SendMessageA
ReleaseDC
GetDC
wsprintfA

advapi32

CloseServiceHandle
ControlService
StartServiceCtrlDispatcherA
StartServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
RegCloseKey
OpenServiceA
OpenSCManagerA
GetUserNameA
CreateServiceA
ChangeServiceConfigA

shlwapi

StrRChrA
StrStrIA
StrChrA
StrCmpNA

shell32

ShellExecuteA

wsock32

socket
send
recv
listen
inet_addr
htons
getsockname
gethostname
gethostbyname
connect
closesocket
bind
accept
WSAStartup

rasapi32

RasGetEntryDialParamsA
RasGetEntryPropertiesA
RasEnumEntriesA

gdi32

GetDeviceCaps

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

450e01225c1381471e12a9527e3fc984

Headers

File Characteristics

Imports

ole32

kernel32

user32

advapi32

shlwapi

shell32

wsock32

rasapi32

gdi32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 7KB - Virtual size: 176KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 176KB

.rsrc
Size: 9KB - Virtual size: 8KB