bf1041545801149993d42ac73bb70660

Sharing

Copy URL Twitter E-mail

General

Target

bf1041545801149993d42ac73bb70660
Size

159KB
MD5

bf1041545801149993d42ac73bb70660
SHA1

73032b34b22d6670e005abe02d6575c725003675
SHA256

bdc81befab33ea6ab255d8ad21b3fc8faaddae2e093b79070df5dcd74d38614f
SHA512

7e373d6f417245bdd73fd757220b7d5e24442ee4c2512b1506a509abf2028093394c3182f3b20ad40490a07891db2c20339f723a27a4a0e95e96a4edf498492a
SSDEEP

3072:iVBsHtNq/YtaayfV+P4WbhsPpkD1u0Q+eomI:pt3tHydSRE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf1041545801149993d42ac73bb70660

Files

bf1041545801149993d42ac73bb70660
.exe windows:4 windows x86 arch:x86

7613f877ae672994390d46deba060f17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalHandle
LockResource
GlobalFree
FindResourceA
GlobalAlloc
FreeResource
LoadResource
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
CreateMutexA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetSystemTime
SystemTimeToFileTime
EnterCriticalSection
GetModuleFileNameA
LeaveCriticalSection
InterlockedIncrement
lstrcmpiA
GetStringTypeExA
WriteFile
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
ReadFile
SetFilePointer
lstrlenA
CreateFileA
CloseHandle
DeleteFileA
MoveFileA
GetCurrentThreadId
Sleep
GetLastError
GetTickCount
InterlockedDecrement
CreateThread
WaitForSingleObject
lstrcmpA
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
HeapFree
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RaiseException
RtlUnwind
HeapSize
SetUnhandledExceptionFilter
GetProcAddress
UnhandledExceptionFilter
FreeEnvironmentStringsA
SetHandleCount
GetEnvironmentStringsW
LoadLibraryA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
HeapReAlloc
TerminateProcess
GetStdHandle
CompareStringA
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStrings
VirtualAlloc
VirtualFree
GetFileType
GetEnvironmentVariableA
GetVersionExA

user32

GetClassNameA
IsWindowVisible
GetWindowLongA
PostMessageA
FindWindowExA
CreateWindowExA
EndPaint
EnumWindows
SendMessageA
KillTimer
DestroyWindow
PostQuitMessage
SetTimer
wsprintfA
CharLowerA
GetWindow
SetKeyboardState
GetKeyboardState
SetFocus
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
PeekMessageA
GetWindowRect
GetMessageA
MsgWaitForMultipleObjects
DispatchMessageA
IsZoomed
IsIconic
SystemParametersInfoA
OffsetRect
ShowWindow
BringWindowToTop
LoadIconA
GetSystemMenu
GetTopWindow
AdjustWindowRectEx
MoveWindow
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
CallWindowProcA
GetDC
ReleaseDC
GetFocus
IsChild
GetSysColor
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
SetWindowLongA
RegisterWindowMessageA
CreateDialogIndirectParamA
GetClassInfoExA
LoadCursorA
RegisterClassExA
DefWindowProcA
GetParent
IsWindow
InvalidateRgn
GetDlgItem
TranslateMessage

gdi32

GetDeviceCaps
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetObjectA
GetStockObject
DeleteDC

advapi32

RegDeleteValueA
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegOpenKeyExA

shell32

ShellExecuteA

ole32

StringFromCLSID
CLSIDFromString
CoTaskMemFree
CoDisconnectObject
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoUninitialize
OleLockRunning
CoTaskMemAlloc
OleUninitialize
CoRegisterMessageFilter
StringFromGUID2
CLSIDFromProgID
CreateBindCtx
OleInitialize
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoCreateGuid

oleaut32

SysFreeString
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
SysAllocString
SysStringLen
LoadTypeLi
VariantCopy
LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect

shlwapi

PathRemoveFileSpecA

wininet

InternetGetConnectedState

urlmon

CreateURLMoniker
RegisterBindStatusCallback

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7613f877ae672994390d46deba060f17

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

urlmon

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 13KB - Virtual size: 14KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 13KB - Virtual size: 14KB

.rsrc
Size: 8KB - Virtual size: 8KB