bc93a6b65e96aa7513cb80625a7866ca8394d43aa4acf356c0c454123d86ce51

Sharing

Copy URL Twitter E-mail

General

Target

bc93a6b65e96aa7513cb80625a7866ca8394d43aa4acf356c0c454123d86ce51
Size

112KB
MD5

e2692999e5b75e974327ff27cd810b0a
SHA1

eda8bd2fa562bbbc6de6d613edcd0ade01c07064
SHA256

bc93a6b65e96aa7513cb80625a7866ca8394d43aa4acf356c0c454123d86ce51
SHA512

f8bab9efd4e06ce0c253c8605b97fa9da42fb0b18c3f10f95c9807fe07cdc4f1c9242caaaa8ea80646feec0b6abcbb7ea56375851ff99743940a13d237062535
SSDEEP

768:ZX6+8XsXtF5HCSoTpaOmgRRaBoQHXzg2IDaG/L7eYbp64AVu4gRPk9:Z38X6dhodaOmgRWtDxe//vbqVaG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc93a6b65e96aa7513cb80625a7866ca8394d43aa4acf356c0c454123d86ce51

Files

bc93a6b65e96aa7513cb80625a7866ca8394d43aa4acf356c0c454123d86ce51
.exe windows:6 windows x86 arch:x86

da594b7a5a015dd3ea39669535cbed91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
FreeSid
AddAccessAllowedAceEx
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeSecurityDescriptor
MakeAbsoluteSD
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegOpenCurrentUser

kernel32

OutputDebugStringA
MultiByteToWideChar
RaiseException
FormatMessageW
HeapSetInformation
GetVersionExW
SetErrorMode
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
CreateEventW
CreateThread
ResetEvent
GetLastError
InterlockedIncrement
lstrlenA
GetLocaleInfoW
MoveFileExW
DeleteFileW
CreateDirectoryW
CreateFileW
WriteFile
WideCharToMultiByte
CompareStringW
lstrcmpW
WaitForMultipleObjects
InterlockedDecrement
GetSystemDefaultLangID
GetSystemDirectoryW
GetProcAddress
OpenEventW
SetLastError
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
ExpandEnvironmentStringsW
GetVersionExA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
lstrlenW
GetCurrentProcess
LocalAlloc
SetConsoleCtrlHandler
LocalFree
WaitForSingleObject
SetEvent
CloseHandle
GetModuleHandleW
GetSystemDefaultUILanguage
GetCurrentProcessId

user32

RegisterClassW
UnregisterClassW
DefWindowProcW
CharNextW
CreateWindowExW
GetMessageW
LoadStringW
PostMessageW
DispatchMessageW
TranslateMessage

msvcrt

atol
__CxxFrameHandler3
wcsstr
memset
_vsnwprintf
memcpy
wcstoul
iswxdigit
toupper
isspace
_CxxThrowException
_onexit
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
wcscoll
wcspbrk
_wcsupr
_wcslwr
wcsrchr
strlen
memcpy_s
memmove_s
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_wtol
free
malloc
realloc
_wcsicmp
_wtoi
wcschr
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_wcsrev
_ismbcspace
memmove
_ismbcdigit
wcsspn
wcscspn

wbemcomn

?Throttle@@YGJKKKKK@Z
??1CStaticCr

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
VariantChangeType
SysAllocStringLen
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SysStringLen
SafeArrayUnaccessData

ole32

loadperf

ntdll

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da594b7a5a015dd3ea39669535cbed91

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

wbemcomn

oleaut32

ole32

loadperf

ntdll

Sections

.text Size: 101KB - Virtual size: 100KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 101KB - Virtual size: 100KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 4KB