bf9b8ec1d89ff00b49d29df188c9540d

Sharing

Copy URL

Twitter E-mail

General

Target

bf9b8ec1d89ff00b49d29df188c9540d
Size

568KB
MD5

bf9b8ec1d89ff00b49d29df188c9540d
SHA1

6bcd7170509a522893a9d8759bc2fa4c8a3c0f10
SHA256

4bddad5d708e8feab6f586efb15b6943096e4bf617315077c446056339bc40f6
SHA512

b3dcd3db0e2e8d465fac49f0942dbe6308a3925a15d5a7eecabae9fa8e09c4c3718791d92bfc9764dc802e3027de615e4814c61c4e5a57ebb12adaf15e9a9832
SSDEEP

12288:bt/fRcpQB0D5oON0i5P/Q8zxK1T4Zp2YWshYmFePNzti:bt/ZWdogRZQ8KT4ZVUPN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf9b8ec1d89ff00b49d29df188c9540d

Files

bf9b8ec1d89ff00b49d29df188c9540d
.exe windows:4 windows x86 arch:x86

db35c5276890813df79f87d3860b986d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHAppBarMessage
SheChangeDirA
FindExecutableA
CommandLineToArgvW
ExtractAssociatedIconExW

comctl32

ImageList_DragMove
ImageList_Write
ImageList_Duplicate
ImageList_GetFlags
ImageList_Destroy
MakeDragList
CreateStatusWindow
InitCommonControlsEx
CreateUpDownControl
ImageList_EndDrag
CreateStatusWindowW

kernel32

UnmapViewOfFile
GetModuleHandleA
HeapFree
GetLocalTime
GetPrivateProfileSectionNamesW
FreeEnvironmentStringsW
HeapReAlloc
GetPrivateProfileSectionA
CompareStringA
LCMapStringA
TlsFree
GetCompressedFileSizeA
ReadConsoleW
lstrcpyW
lstrlen
DeleteCriticalSection
FindNextFileA
DeleteFiber
GetSystemDefaultLCID
GetModuleFileNameA
SetLastError
ExitProcess
LoadLibraryA
SetFilePointer
CloseHandle
EnterCriticalSection
SetLocaleInfoW
InterlockedExchangeAdd
WriteConsoleW
OpenMutexA
GetPrivateProfileStructW
GetFileType
GetSystemTimeAsFileTime
GetCommandLineA
EnumSystemCodePagesW
TlsGetValue
RtlMoveMemory
GetStartupInfoA
lstrcatW
GetVersion
ReadConsoleOutputW
LocalAlloc
GetCurrentThreadId
InterlockedExchange
TerminateProcess
SetEnvironmentVariableA
GetCurrentThread
CreateMutexA
WriteFile
GlobalGetAtomNameA
EnumDateFormatsA
GetTempPathA
EnumTimeFormatsW
GetStartupInfoW
TlsAlloc
GetCurrentProcessId
LCMapStringW
SetWaitableTimer
GetLastError
EnumDateFormatsExW
ReadConsoleOutputCharacterA
MultiByteToWideChar
GetModuleFileNameW
GetDateFormatW
GetProcessHeap
GetProcAddress
SetStdHandle
GetStringTypeW
TlsSetValue
GetEnvironmentStringsW
GetCurrentProcess
GetCPInfo
FreeEnvironmentStringsA
ConnectNamedPipe
VirtualQuery
FlushFileBuffers
CreateMutexW
LeaveCriticalSection
AddAtomA
DebugBreak
FoldStringW
HeapCreate
HeapDestroy
OpenEventA
VirtualUnlock
IsBadWritePtr
GetSystemTimeAdjustment
InitializeCriticalSection
GetTickCount
CompareStringW
GlobalLock
GetWindowsDirectoryW
SetHandleCount
FreeLibrary
GetCommandLineW
WriteConsoleInputA
UnhandledExceptionFilter
VirtualFree
InterlockedDecrement
GetModuleHandleW
CreatePipe
QueryPerformanceCounter
EnumResourceTypesA
CreateProcessW
GetStringTypeA
CreateWaitableTimerW
GetFileSize
FlushViewOfFile
SystemTimeToTzSpecificLocalTime
GetSystemInfo
GetTimeFormatA
GetEnvironmentStrings
LoadLibraryW
FillConsoleOutputCharacterA
VirtualAlloc
InterlockedIncrement
HeapAlloc
FileTimeToDosDateTime
GetPrivateProfileSectionW
CopyFileExA
RtlFillMemory
GetDiskFreeSpaceA
GetVersionExW
GetAtomNameA
GetProfileStringW
ReadFile
EnumResourceNamesW
LoadLibraryExW
GetTimeZoneInformation
GlobalAddAtomW
RtlUnwind
WideCharToMultiByte
GetStdHandle
ReadConsoleOutputCharacterW
GetLocaleInfoA
ReadConsoleInputW
GetSystemTime

wininet

FtpCommandA
InternetReadFile
GetUrlCacheEntryInfoA

user32

GetWindowModuleFileNameW
InsertMenuW
GetDC
PostThreadMessageA
GetWindowRect
RegisterClassA
MessageBoxExA
SetClassWord
OpenWindowStationW
ScrollDC
DestroyWindow
GetClassNameW
DefWindowProcW
InflateRect
SetSystemCursor
FindWindowExW
MessageBoxW
ShowWindow
CreateWindowExW
MsgWaitForMultipleObjects
GetClipboardSequenceNumber
OpenDesktopA
GetActiveWindow
SetPropA
LoadImageA
SetCaretBlinkTime
WindowFromPoint
SetDlgItemInt
ReleaseCapture
CallWindowProcW
EnumDisplaySettingsExW
RegisterClassExA
GetMessageW
EnumDesktopsW
ValidateRgn
TileWindows
GetMenuCheckMarkDimensions
TrackPopupMenu

advapi32

CreateServiceW
CryptEncrypt
LookupAccountSidW
RegDeleteValueA
AbortSystemShutdownW
InitiateSystemShutdownW
LookupSecurityDescriptorPartsA

gdi32

GetColorSpace
GetCharABCWidthsW
GetArcDirection
CreateDCA
SelectObject
GetROP2
GetTextExtentExPointW
GetDeviceCaps
FillRgn
EnumEnhMetaFile
CreateMetaFileA
SetTextJustification
GetCharWidthA
CreateICA
SetDIBColorTable
DeleteObject
SaveDC
DeleteDC
TextOutW
GetObjectW
BeginPath

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db35c5276890813df79f87d3860b986d

Headers

File Characteristics

Imports

shell32

comctl32

kernel32

wininet

user32

advapi32

gdi32

Sections

.text Size: 176KB - Virtual size: 174KB

.rdata Size: 248KB - Virtual size: 244KB

.data Size: 116KB - Virtual size: 140KB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: 176KB - Virtual size: 174KB

.rdata
Size: 248KB - Virtual size: 244KB

.data
Size: 116KB - Virtual size: 140KB

.rsrc
Size: 24KB - Virtual size: 20KB