bfbb4b1a0591476c957e9d55a5893075

Sharing

Copy URL Twitter E-mail

General

Target

bfbb4b1a0591476c957e9d55a5893075
Size

84KB
MD5

bfbb4b1a0591476c957e9d55a5893075
SHA1

c73185b2d3cb148cbdee746246492ab7f56d13c5
SHA256

a2290f9ef3552ec03c3105985873709fd7aa39475adf931c180545a619c9a54f
SHA512

421821d2b9274f82f0189f1ce3ba681d6a0f07c9224c3ece696585cf2d15863b69fd1aa1247e3f0451962f8740128be2ec79c4ccc9162ab963758461f9bf2632
SSDEEP

1536:X8zc+9orZ384+AdSA24aMgp5bU+/+5k1OAPqH1QhFzwEp65IYiY4t/fjlVgI:XrXZ3cAdSU8jbU+MZkM+TbAmYOv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfbb4b1a0591476c957e9d55a5893075

Files

bfbb4b1a0591476c957e9d55a5893075
.exe windows:5 windows x86 arch:x86

9dfd8ea48f4e290e1c37658f13523977

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAAsyncGetServByPort
gethostbyaddr
GetAcceptExSockaddrs
s_perror
dn_expand
gethostname
sendto
WSApSetPostRoutine
__WSAFDIsSet
TransmitFile
rresvport
WSACancelAsyncRequest
EnumProtocolsW

dsauth

StoreInitHandle
StoreDeleteObject
StoreEndSearch
StoreSetSearchSubTree
StoreSearchGetNext
StoreBeginSearch
StoreCreateObjectVA
DhcpAddServerDS
DhcpDsInitDS
DhcpDeleteServerDS
DhcpDsValidateService
DhcpDsCleanupDS
StoreSetSearchOneLevel
DhcpDsGetRoot
DhcpDsGetAttribs
StoreCollectAttributes

cryptui

I_CryptUIProtect
CryptUIDlgViewCertificateW
CryptUIDlgViewSignerInfoA
CryptUIWizCertRequest
CryptUIFreeCertificatePropertiesPagesA
RetrievePKCS7FromCA
CryptUIDlgSelectCA
CryptUIDlgFreeCAContext
CryptUIWizImport
CryptUIDlgViewCTLW
CryptUIWizFreeDigitalSignContext
WizardFree
CryptUIGetViewSignaturesPagesW

kernel32

EndUpdateResourceW
GetCurrentProcessId
GetStartupInfoA
ReadFile
GetLargestConsoleWindowSize
DefineDosDeviceA
SetConsoleCursorPosition
GetDevicePowerState
VirtualFreeEx
GetDiskFreeSpaceW
GetConsoleAliasesLengthW
GetModuleHandleW
GetNamedPipeInfo
QueryPerformanceCounter
GetCurrencyFormatW
UnhandledExceptionFilter
GetCurrentThreadId
LoadLibraryA
GetCommModemStatus
EnumCalendarInfoA
MoveFileWithProgressA
GetBinaryTypeW
MoveFileExW
GetTickCount
HeapUnlock
GetSystemTimeAsFileTime
VirtualAlloc
InvalidateConsoleDIBits

advapi32

CryptAcquireContextW
UnlockServiceDatabase
A_SHAFinal
CryptSetProviderExW
FileEncryptionStatusW
WmiQuerySingleInstanceA
TraceEventInstance
AbortSystemShutdownA
I_ScSetServiceBitsA
LsaClearAuditLog
CreateCodeAuthzLevel
RegCloseKey
IsValidSecurityDescriptor
SystemFunction041

cfgmgr32

CM_Open_Class_KeyW
CM_Get_Res_Des_Data
CM_Enumerate_Enumerators_ExA
CM_Invert_Range_List
CM_Open_Class_Key_ExW
CM_Uninstall_DevNode
CM_Get_Class_Registry_PropertyW
CM_Uninstall_DevNode_Ex
CMP_WaitNoPendingInstallEvents
CM_Test_Range_Available
CM_Query_And_Remove_SubTree_ExW
CM_Get_Sibling
CM_Get_Device_Interface_ListA
CM_Enable_DevNode
CM_Add_Empty_Log_Conf
CM_Get_Next_Log_Conf_Ex
CM_Enable_DevNode_Ex
CM_Get_Device_Interface_List_Size_ExW

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9dfd8ea48f4e290e1c37658f13523977

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

dsauth

cryptui

kernel32

advapi32

cfgmgr32

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 19KB - Virtual size: 73KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 312B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 19KB - Virtual size: 73KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 312B