c2fca7d8f42c85b049ecfcf8ca5ed11a

Sharing

Copy URL Twitter E-mail

General

Target

c2fca7d8f42c85b049ecfcf8ca5ed11a
Size

598KB
MD5

c2fca7d8f42c85b049ecfcf8ca5ed11a
SHA1

dcac781e2f639629a98f1f9d1cad17c8d6e27374
SHA256

c52e406eb197d9f90814ecd7fb5a5f00d3fad049f70b922244804b7fb8d5544c
SHA512

ca4533983d5abe44f7af5ae4782928f668d4193f8270b66fc57cda4eec62200fa18cb4a5dbd40ebbfcf46508c9c8dfc264d87af35097208280951ee905179e71
SSDEEP

12288:pdHEh7LKkK4W1sVF1n94CMwLcdvkZAddU97QCHYrhfACa:PkgB4WcjnO1wLivG8Ic5FfACa

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BGEye Helper App Closer [Safety Checker].exe
unpack001/BGEye Helper App [Safety Checker].exe
unpack001/BGEye Suit Editor.exe
unpack001/BGEye.exe
unpack001/Uninstall BGEye.exe

Files

c2fca7d8f42c85b049ecfcf8ca5ed11a
.rar
BGEye Helper App Closer [Safety Checker].exe
.exe windows:4 windows x86 arch:x86

74cf0fe555ea95321cde65c5be2ede31

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
GetStringTypeW

user32

MessageBoxA
BroadcastSystemMessageA
RegisterWindowMessageA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BGEye Helper App [Safety Checker].exe
.exe windows:4 windows x86 arch:x86

8fa1231de64ae409195290dc83a7e208

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashA
PathQuoteSpacesA

kernel32

DeleteFileA
GetWindowsDirectoryA
GetLastError
GetModuleFileNameA
Sleep
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
MultiByteToWideChar
HeapSize
RtlUnwind
HeapReAlloc
SetHandleCount
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc

user32

DispatchMessageA
GetMessageA
WaitMessage
PeekMessageA
BroadcastSystemMessageA
ShowWindow
RegisterWindowMessageA
SendMessageA
KillTimer
EndDialog
PostQuitMessage
MessageBoxA
SystemParametersInfoA
CreateDialogParamA
SetTimer

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BGEye Suit Editor.exe
.exe windows:4 windows x86 arch:x86

4f750b8a51d16410162f87c621f103f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetACP
GetCPInfo
ReadFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
HeapAlloc
SetFilePointer
WriteFile
LoadLibraryA
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
CreateFileA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
TerminateProcess
GetLastError
HeapFree
CloseHandle
DeleteFileA
GetModuleHandleA
GetModuleFileNameA
LCMapStringW
LCMapStringA
WideCharToMultiByte
GetProcAddress
SetEndOfFile
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetFileType
MultiByteToWideChar

user32

SetWindowTextA
EndDialog
GetDlgItem
PostQuitMessage
MessageBoxA
SendMessageA
GetWindowRect
GetWindowPlacement
GetParent
SystemParametersInfoA
SetWindowPlacement
ShowWindow
GetWindowTextA
DialogBoxParamA
CreateDialogParamA
DestroyIcon
DestroyWindow
WaitMessage
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
LoadCursorA
SetCursor
EnableWindow
CheckDlgButton
IsDlgButtonChecked
PostMessageA
LoadImageA

gdi32

DeleteObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shlwapi

PathAddBackslashA
PathIsDirectoryA
PathRemoveFileSpecA

comctl32

ord17

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BGEye.exe
.exe windows:4 windows x86 arch:x86

e92e546c9d740dcb36b8e9b8403fbe11

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\documents and settings\asper\my documents\all_optionalreaction_code\all_optionalreaction_code\bgeye v3_0_4_2\release\BGEye.pdb

Imports

shlwapi

PathQuoteSpacesA
PathRemoveFileSpecA
PathIsDirectoryA
PathAddBackslashA

d3d9

Direct3DCreate9

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

winmm

timeGetTime

psapi

EnumProcesses

kernel32

LocalFree
GetLastError
DeleteFileA
MultiByteToWideChar
GetModuleHandleA
GetWindowsDirectoryA
lstrcpynA
CreateMutexA
InitializeCriticalSection
DeleteCriticalSection
Sleep
GetExitCodeThread
SetThreadPriority
GetCurrentThread
CreateThread
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
SetCurrentDirectoryA
GetSystemInfo
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
OutputDebugStringA
MapViewOfFile
GetFileSize
CreateFileMappingA
CreateFileW
WideCharToMultiByte
GetVersionExA
UnmapViewOfFile
VirtualFree
VirtualAlloc
HeapAlloc
GetProcessHeap
HeapFree
SetEnvironmentVariableA
LocalAlloc
CompareStringA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
ReadFile
VirtualQuery
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
RaiseException
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
HeapCreate
HeapDestroy
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
ExitProcess
GetOEMCP
GetACP
GetCPInfo
GetFileType
GetStdHandle
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetDriveTypeA
GetVolumeInformationA
GlobalMemoryStatus
GetComputerNameA
GetSystemRegistryQuota
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleFileNameA
CreateFileA
CloseHandle
EnterCriticalSection
LeaveCriticalSection
WriteFile
SystemTimeToFileTime
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoW
WriteConsoleA
GetSystemTimeAsFileTime
GetTimeFormatA
GetTimeZoneInformation
GetDateFormatA
HeapReAlloc
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetCommandLineA
GetStartupInfoA
RtlUnwind
CompareStringW
SetEndOfFile
TerminateProcess

user32

DispatchMessageA
EndDialog
SetWindowTextA
GetDlgItem
SetWindowPlacement
SetRect
InvalidateRect
GetParent
SetFocus
GetWindowPlacement
GetWindowRect
DestroyIcon
CreateDialogParamA
ShowWindow
UpdateWindow
KillTimer
SetTimer
RegisterWindowMessageA
LoadMenuA
GetSubMenu
SetMenuItemInfoA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
DestroyMenu
WaitMessage
PeekMessageA
BroadcastSystemMessageA
DestroyWindow
GetMessageA
TranslateMessage
PostMessageA
EnableWindow
CheckDlgButton
GetWindowTextA
LoadCursorA
SetCursor
IsDlgButtonChecked
PostQuitMessage
LoadImageA
GetSystemMetrics
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
DialogBoxParamA
SystemParametersInfoA
SendMessageA
MessageBoxA

gdi32

MoveToEx
ExtTextOutA
CreateCompatibleDC
SetMapMode
SetTextAlign
CreateFontIndirectW
CreateFontIndirectA
GetFontLanguageInfo
GetTextMetricsW
GetTextMetricsA
SetTextColor
GetCharacterPlacementW
GetCharacterPlacementA
SelectObject
DeleteDC
CreateDIBSection
GetObjectW
GetObjectA
CreateSolidBrush
DeleteObject
SetBkColor
SetBkMode
ExtTextOutW

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
GetUserNameA
RegOpenKeyA

shell32

SHGetDiskFreeSpaceExA
Shell_NotifyIconA
ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

Sections

.text
Size: 468KB - Virtual size: 467KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall BGEye.exe
.exe windows:4 windows x86 arch:x86

daf64ccb82231a7c1ea3178de5f73319

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashA

kernel32

Sleep
DeleteFileA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
CloseHandle
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
CreateFileA
InitializeCriticalSection
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
ReadFile
HeapSize

user32

MessageBoxA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegEnumValueA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[XP_NEUTRAL]/COMPASS-a.png
.png
[XP_NEUTRAL]/COMPASS.dds
[XP_NEUTRAL]/COMPASS.png
.png
[XP_NEUTRAL]/Copy of COMPASS-a.png
.png
[XP_NEUTRAL]/bar.dds
[XP_NEUTRAL]/bar.png
.png
[XP_NEUTRAL]/barbg.dds
[XP_NEUTRAL]/barbg.png
.png
[XP_NEUTRAL]/iconAudio-a.png
.png
[XP_NEUTRAL]/iconAudio.dds
[XP_NEUTRAL]/iconAudio.png
.png
[XP_NEUTRAL]/iconCPU-a.png
.png
[XP_NEUTRAL]/iconCPU.dds
[XP_NEUTRAL]/iconCPU.png
.png
[XP_NEUTRAL]/iconComputerName-a.png
.png
[XP_NEUTRAL]/iconComputerName.dds
[XP_NEUTRAL]/iconComputerName.png
.png
[XP_NEUTRAL]/iconDate-a.png
.png
[XP_NEUTRAL]/iconDate.dds
[XP_NEUTRAL]/iconDate.png
.png
[XP_NEUTRAL]/iconGFX-a.png
.png
[XP_NEUTRAL]/iconGFX.dds
[XP_NEUTRAL]/iconGFX.png
.png
[XP_NEUTRAL]/iconLocalDrive-a.png
.png
[XP_NEUTRAL]/iconLocalDrive.dds
[XP_NEUTRAL]/iconLocalDrive.png
.png
[XP_NEUTRAL]/iconNetwork-a.png
.png
[XP_NEUTRAL]/iconNetwork.dds
[XP_NEUTRAL]/iconNetwork.png
.png
[XP_NEUTRAL]/iconProcesses-a.png
.png
[XP_NEUTRAL]/iconProcesses.dds
[XP_NEUTRAL]/iconProcesses.png
.png
[XP_NEUTRAL]/iconRAM-a.png
.png
[XP_NEUTRAL]/iconRAM.dds
[XP_NEUTRAL]/iconRAM.png
.png
[XP_NEUTRAL]/iconRemoteDrive-a.png
.png
[XP_NEUTRAL]/iconRemoteDrive.dds
[XP_NEUTRAL]/iconRemoteDrive.png
.png
[XP_NEUTRAL]/iconUSB-a.png
.png
[XP_NEUTRAL]/iconUSB.dds
[XP_NEUTRAL]/iconUSB.png
.png
[XP_NEUTRAL]/iconUptime-a.png
.png
[XP_NEUTRAL]/iconUptime.dds
[XP_NEUTRAL]/iconUptime.png
.png
[XP_NEUTRAL]/iconUserName-a.png
.png
[XP_NEUTRAL]/iconUserName.dds
[XP_NEUTRAL]/iconUserName.png
.png
[XP_NEUTRAL]/suit.txt
[XP_NEUTRAL]/xpblue.jpg
.jpg
bgeye_information.txt
changelog.txt
pad_file.xml
.xml
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

74cf0fe555ea95321cde65c5be2ede31

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 2KB

8fa1231de64ae409195290dc83a7e208

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

4f750b8a51d16410162f87c621f103f8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 28KB - Virtual size: 151KB

.rsrc Size: 24KB - Virtual size: 23KB

e92e546c9d740dcb36b8e9b8403fbe11

Headers

File Characteristics

PDB Paths

Imports

shlwapi

d3d9

setupapi

winmm

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 468KB - Virtual size: 467KB

.rdata Size: 132KB - Virtual size: 128KB

.data Size: 44KB - Virtual size: 336KB

.rsrc Size: 48KB - Virtual size: 47KB

daf64ccb82231a7c1ea3178de5f73319

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 14KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 28KB - Virtual size: 151KB

.rsrc
Size: 24KB - Virtual size: 23KB

.text
Size: 468KB - Virtual size: 467KB

.rdata
Size: 132KB - Virtual size: 128KB

.data
Size: 44KB - Virtual size: 336KB

.rsrc
Size: 48KB - Virtual size: 47KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB