49220571574da61781de37f35c66e8f0dadb18fdedb6d3a1be67485069cfd4b0[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

49220571574da61781de37f35c66e8f0dadb18fdedb6d3a1be67485069cfd4b0.zip
Size

1.7MB
MD5

d790bec812f7dc31161e3c1bf61efb68
SHA1

e7754713c8adf9837d9c000750310e178a54153d
SHA256

f328ab720b83dde52145036039d6f95cbfd0e48dc3b1ebb6576190e564ecece0
SHA512

33c501ecf406a3edc7e68c2d6eba63e821ddd025204ec608242821aceba761d87726cc461529ad45deea53757bfc507ea8970d38a38c7de555bf4a7b41cea222
SSDEEP

49152:H0ZlmvJPD64YHFKImlBE26ey/0dhCa5+P:H0XmBPD6ZHFKIGYe00d5UP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/49220571574da61781de37f35c66e8f0dadb18fdedb6d3a1be67485069cfd4b0.exe

Files

49220571574da61781de37f35c66e8f0dadb18fdedb6d3a1be67485069cfd4b0.zip
.zip

Password: infected
49220571574da61781de37f35c66e8f0dadb18fdedb6d3a1be67485069cfd4b0.exe
.dll windows:6 windows x64 arch:x64

13904d1cc18631217d0dcb5bf82fbc09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\testing3\data\bdnc\BDNIMBUS-3071711\BDNIMBUS\bin\release\bdnc.pdb

Imports

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
CertCreateCertificateContext
CertFreeCertificateContext
CertEnumCRLsInStore
CertGetNameStringA
CertCloseStore
CertOpenSystemStoreA

winmm

timeGetTime

ws2_32

inet_ntoa
inet_addr
WSAGetOverlappedResult
select
getnameinfo
WSASend
WSARecv
getpeername
inet_ntop
gethostname
sendto
recvfrom
send
recv
freeaddrinfo
getaddrinfo
WSASetLastError
getprotobynumber
getservbyname
getservbyport
ntohl
gethostbyaddr
htonl
getsockopt
getsockname
ioctlsocket
connect
bind
accept
WSAWaitForMultipleEvents
WSASetEvent
WSAIoctl
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
socket
closesocket
shutdown
WSAGetLastError
WSACleanup
WSAStartup
ntohs
htons
listen
gethostbyname
setsockopt

iphlpapi

if_nametoindex

advapi32

ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptAcquireContextA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

secur32

InitSecurityInterfaceA

bcrypt

BCryptGenRandom

kernel32

IsValidCodePage
FindFirstFileExW
FlushFileBuffers
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
GetConsoleOutputCP
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetCommandLineW
FlsFree
GetEnvironmentStringsW
FlsGetValue
GetOEMCP
HeapReAlloc
HeapAlloc
HeapFree
FreeLibraryAndExitThread
ResumeThread
ExitThread
SetConsoleCtrlHandler
SetStdHandle
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
RtlPcToFileHeader
RaiseException
EncodePointer
LoadLibraryExW
InterlockedFlushSList
GetCPInfo
FlsAlloc
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
GetCommandLineA
FlsSetValue
HeapSize
WriteConsoleW
GetSystemDirectoryA
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
CreateThread
GetCurrentThreadId
GetThreadId
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileW
GetFileSize
ReadFile
GetLastError
ReleaseMutex
CreateMutexA
GetModuleFileNameW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
DeleteFileW
GetFileSizeEx
GetFileTime
WriteFile
GetCurrentProcessId
MoveFileW
LocalFree
FormatMessageA
GetTickCount64
VirtualAlloc
VirtualFree
SetFilePointerEx
SwitchToThread
RtlUnwind
FreeLibrary
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersion
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
ResetEvent
GetTickCount
GetSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
SetWaitableTimer
GetSystemTimeAsFileTime
CreateWaitableTimerA
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReleaseSemaphore
CreateSemaphoreA
SetLastError
GetSystemTime
SystemTimeToFileTime
GetModuleHandleExW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
SwitchToFiber
DeleteFiber
CreateFiberEx
FindClose
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetFileType
GetModuleHandleW
GetEnvironmentVariableW
GetACP
ConvertFiberToThread
ConvertThreadToFiberEx
GetCurrentProcess
TerminateProcess
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead

Exports

Exports

bdnimbus_ask
bdnimbus_ask_async
bdnimbus_ask_bin
bdnimbus_ask_bin_async
bdnimbus_ask_json
bdnimbus_ask_json_async
bdnimbus_dup_option
bdnimbus_file_upload
bdnimbus_file_upload_async
bdnimbus_free_option
bdnimbus_free_response
bdnimbus_gen_upload
bdnimbus_gen_upload_async
bdnimbus_get_option
bdnimbus_init
bdnimbus_json_alloc
bdnimbus_json_array_at
bdnimbus_json_array_size
bdnimbus_json_foreach
bdnimbus_json_free
bdnimbus_json_long
bdnimbus_json_object
bdnimbus_json_path
bdnimbus_json_real
bdnimbus_json_string
bdnimbus_json_type_of
bdnimbus_mem_upload
bdnimbus_mem_upload_async
bdnimbus_push_bin
bdnimbus_push_info
bdnimbus_push_json
bdnimbus_set_option
bdnimbus_set_optionv
bdnimbus_text
bdnimbus_uninit
checkit

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 845KB - Virtual size: 844KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

13904d1cc18631217d0dcb5bf82fbc09

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

crypt32

winmm

ws2_32

iphlpapi

advapi32

secur32

bcrypt

kernel32

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 845KB - Virtual size: 844KB

.data Size: 33KB - Virtual size: 56KB

.pdata Size: 141KB - Virtual size: 140KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 180KB - Virtual size: 179KB

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 845KB - Virtual size: 844KB

.data
Size: 33KB - Virtual size: 56KB

.pdata
Size: 141KB - Virtual size: 140KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 180KB - Virtual size: 179KB

.reloc
Size: 34KB - Virtual size: 34KB