bf1e3fa9985f3a2ac760f2095eb2cbe6

Sharing

Copy URL Twitter E-mail

General

Target

bf1e3fa9985f3a2ac760f2095eb2cbe6
Size

1.5MB
MD5

bf1e3fa9985f3a2ac760f2095eb2cbe6
SHA1

5af54db79ec1f5c3caa325cc5c8032e16411e81b
SHA256

7da243e349f6cca906f1e36ab36f2a05837c452f0d6c3492da39f934bdc4d860
SHA512

cd87bf5bb626b433aea054545c15304267fdd8c56fecf6afbf842d17496fa792639c59ee568f95434ce55bc836da5df8f782b18dce23daf9c950291ae21f4d12
SSDEEP

6144:8BerUa6tCTEEl2nfKSMOhvllzDx9GgmlgjGvpiavRBFyV9tDH6VdIa3aLHbufFr6:8y6tCTgnfKSZhdR3sxvvw3EzxBlb2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf1e3fa9985f3a2ac760f2095eb2cbe6

Files

bf1e3fa9985f3a2ac760f2095eb2cbe6
.exe windows:6 windows x86 arch:x86

8baa29b18cd981ee2ddbd208bcd61c2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\W7H64\Desktop\VCSamples-master\VC2010Samples\ATL\General\DispSink\DispClient\release.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetPerformanceInfo
K32GetProcessMemoryInfo
K32QueryWorkingSetEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
LockFileEx
MapViewOfFile
MoveFileW
VirtualQuery
VirtualQueryEx
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WideCharToMultiByte
Wow64GetThreadContext
WriteConsoleW
WriteFile
WriteProcessMemory
lstrlenW
GetModuleFileNameA
SizeofResource
SetThreadLocale
VirtualProtect
SetLastError
VirtualAlloc
GetThreadLocale
InitializeCriticalSectionEx
FindResourceA
lstrlenA
GetCurrentThreadId
GetModuleHandleA
MultiByteToWideChar
Sleep
GetComputerNameExW
GlobalAlloc
RaiseException
FreeConsole
IsDBCSLeadByte
LoadResource
DecodePointer
GetProcAddress
GlobalLock
GetModuleHandleW
lstrcmpiA
GlobalUnlock
MulDiv
HeapFree
GetProcessHeap
InterlockedPopEntrySList
SetFilePointerEx
GetStringTypeW
SetStdHandle
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
GetEnvironmentStringsW
GetOEMCP
FindNextFileA
FindFirstFileExA
GetFileType
GetCurrentThread
HeapReAlloc
HeapSize
GetUserDefaultLCID
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCommandLineW
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FormatMessageA
FlushViewOfFile
FlushFileBuffers
FindNextFileW
FindFirstFileExW
FindClose
FileTimeToSystemTime
ExpandEnvironmentStringsW
ExitProcess
EnumSystemLocalesW
EnterCriticalSection
EnumSystemLocalesEx
EncodePointer
DuplicateHandle
DisconnectNamedPipe
DeleteFileW
DeleteCriticalSection
DebugBreak
CreateThread
CreateSemaphoreW
CreateRemoteThread
CreateProcessW
CreateNamedPipeW
CreateMutexW
CreateJobObjectW
CreateIoCompletionPort
CreateFileW
CreateFileMappingW
CreateEventW
CreateDirectoryW
ConnectNamedPipe
CompareStringW
CloseHandle
AssignProcessToJobObject
GetLastError
AcquireSRWLockExclusive
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
SetEvent
OutputDebugStringW
VirtualFree
FlushInstructionCache
GetCurrentProcess
HeapAlloc

user32

InvalidateRect
RegisterClassExA
PtInRect
GetParent
BeginPaint
GetClientRect
CharNextW
SetFocus
IntersectRect
CreateWindowExA
ReleaseDC
EndPaint
UnregisterClassA
EqualRect
DefWindowProcA
CharNextA
GetKeyState
GetFocus
DestroyWindow
GetDC
SetWindowPos
LoadCursorA
SetWindowRgn
UnionRect
ShowWindow
IsWindow
GetClassInfoExA
OffsetRect
SetWindowLongA
CallWindowProcA
IsChild
GetWindowLongA
MessageBoxA

gdi32

SaveDC
CloseMetaFile
SetWindowOrgEx
CreateRectRgnIndirect
SetWindowExtEx
GetDeviceCaps
DeleteDC
CreateMetaFileA
TextOutA
Rectangle
SetViewportOrgEx
RestoreDC
LPtoDP
CreateDCA
SetMapMode
SetTextAlign
DeleteMetaFile

advapi32

RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
EventWrite
EventUnregister
EventRegister
EqualSid
DuplicateTokenEx
DuplicateToken
CreateWellKnownSid
CreateRestrictedToken
CreateProcessAsUserW
CopySid
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
AccessCheck

shell32

SHGetKnownFolderPath
CommandLineToArgvW
SHGetFolderPathW

ole32

OleSaveToStream
ReadClassStm
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CreateOleAdviseHolder
CoTaskMemFree
WriteClassStm
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegEnumVerbs
CoTaskMemRealloc
OleRegGetUserType

oleaut32

SetErrorInfo
GetErrorInfo
CreateErrorInfo
VariantCopy
UnRegisterTypeLi
VarUI4FromStr
VariantClear
VariantChangeType
SysStringLen
DispCallFunc
OleCreatePropertyFrame
SysAllocString
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
SysFreeString
LoadTypeLi
VariantInit
LoadRegTypeLi

Sections

.text
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8baa29b18cd981ee2ddbd208bcd61c2c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 289KB - Virtual size: 289KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 289KB - Virtual size: 289KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 14KB - Virtual size: 13KB