073255248bb9cd8ebfb344a3b8764c3f80fefe83574cc963955d13c01d324c88

Sharing

Copy URL Twitter E-mail

General

Target

073255248bb9cd8ebfb344a3b8764c3f80fefe83574cc963955d13c01d324c88
Size

7.8MB
MD5

de7943ac67b9f2ff5db6fc7652f9535d
SHA1

7efcee992886a95227da4639bbe2cf039d87f02f
SHA256

073255248bb9cd8ebfb344a3b8764c3f80fefe83574cc963955d13c01d324c88
SHA512

7bcaa50c73d0dd8055d039d5d1895e738f1de4fa315228b46091c3b1ba484204051196e00af8e1b74ce1d287db79e02c4eebeb62e573b889b053b3de2ab6bc50
SSDEEP

196608:3aH8/H607NNHcIiRGpvx9TNJJ8MquSsl2moYQ8WDJ:J6OiYZ9TNvQsl2z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
073255248bb9cd8ebfb344a3b8764c3f80fefe83574cc963955d13c01d324c88

Files

073255248bb9cd8ebfb344a3b8764c3f80fefe83574cc963955d13c01d324c88
.exe windows:5 windows x86 arch:x86

3ae20c0fa8048428377cae25a3e4e091

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\svn\nsp.netshield6\trunk\imp\place\code\pc\barclient\barclient\bin\barclient.pdb

Imports

ws2_32

gethostbyaddr
ioctlsocket
WSACleanup
WSASetLastError
__WSAFDIsSet
select
WSAIoctl
getsockname
ntohs
bind
getsockopt
getpeername
freeaddrinfo
getaddrinfo
sendto
recvfrom
gethostbyname
inet_ntoa
send
closesocket
shutdown
htonl
htons
WSAGetLastError
WSAStartup
recv
connect
inet_addr
setsockopt
gethostname
socket
accept
listen

wininet

InternetCloseHandle
InternetReadFile
InternetOpenA
InternetOpenUrlA

psapi

GetModuleFileNameExA
EnumProcesses
EnumProcessModules
GetModuleBaseNameA

iphlpapi

GetAdaptersAddresses

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

kernel32

CloseHandle
GetTickCount
FindFirstFileA
FindClose
FindNextFileA
Sleep
GetDriveTypeA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateMutexA
GetLastError
SetErrorMode
DeleteFileA
GlobalAlloc
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
LoadResource
SizeofResource
FindResourceA
lstrlenA
GetProcAddress
GetModuleHandleW
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
GetTempPathA
GetSystemDirectoryA
SetFileAttributesA
FreeResource
GetVersionExA
GetLocalTime
GlobalLock
GlobalUnlock
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
ReleaseMutex
LoadLibraryA
VirtualAlloc
VirtualFree
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
CreateProcessA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
ReadFile
CreateDirectoryA
IsWow64Process
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
LeaveCriticalSection
lstrcatA
GetFullPathNameA
EnterCriticalSection
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
WriteFile
GetSystemTimeAsFileTime
GetFileType
SetFilePointer
HeapReAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
GetTimeFormatA
GetDateFormatA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetStdHandle
HeapCreate
HeapDestroy
SetStdHandle
GetConsoleCP
GetConsoleMode
SetEndOfFile
SetHandleCount
FlushFileBuffers
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteCriticalSection
FreeLibrary
InitializeCriticalSection
GetModuleFileNameA
CopyFileA
CreateThread
CreateFileA
InterlockedIncrement
GetStringTypeExA
InterlockedCompareExchange
SleepEx
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
LocalFree
GetFileInformationByHandle
ReadConsoleInputA
SetConsoleMode
lstrcpyA

user32

GetParent
GetWindowRect
ExitWindowsEx
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
FindWindowExA
EndDialog
DefWindowProcA
GetDesktopWindow
PostMessageA
GetWindowTextA
LoadStringA
FindWindowA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
SetLastErrorEx
EndPaint
GetClientRect
GetSysColor
BeginPaint
SetFocus
MessageBeep
GetFocus
RegisterClassExA
SetDlgItemTextA
GetClassNameA
GetForegroundWindow
PostQuitMessage
UnregisterHotKey
KillTimer
RegisterDeviceNotificationA
SetTimer
GetWindowThreadProcessId
SetWindowPos
SetWindowTextA
DrawTextA
GetSystemMetrics
DialogBoxIndirectParamA
SendMessageA
FindWindowExW
GetWindowLongA
EnumWindows
LoadIconA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExW
RegDeleteValueW
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptSetKeyParam
CryptEncrypt
CryptDecrypt
RegOpenKeyExA
RegSetValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource

shell32

SHFileOperationA
ShellExecuteA

gdi32

SetBkColor
CreateFontIndirectA
SetBkMode
SelectObject
DeleteDC
DeleteObject

gdiplus

GdiplusShutdown

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

winmm

mciSendStringA

wldap32

ord32
ord35
ord30
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord211
ord26
ord50
ord60
ord143
ord22

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14.3MB - Virtual size: 14.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ae20c0fa8048428377cae25a3e4e091

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wininet

psapi

iphlpapi

setupapi

kernel32

user32

advapi32

shell32

gdi32

gdiplus

version

winmm

wldap32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 380KB - Virtual size: 380KB

.data Size: 52KB - Virtual size: 224KB

.rsrc Size: 14.3MB - Virtual size: 14.3MB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 380KB - Virtual size: 380KB

.data
Size: 52KB - Virtual size: 224KB

.rsrc
Size: 14.3MB - Virtual size: 14.3MB