bc72ff9af642f90aed120dbd3c9c0ff0315b88f9badf6b59f55943252c7c366f

Sharing

Copy URL Twitter E-mail

General

Target

bc72ff9af642f90aed120dbd3c9c0ff0315b88f9badf6b59f55943252c7c366f
Size

1.7MB
MD5

5b32fd55fe0d459269f2c09bb286cddf
SHA1

73343cbf7c655f92226cfdd5454c1440bbb720cf
SHA256

bc72ff9af642f90aed120dbd3c9c0ff0315b88f9badf6b59f55943252c7c366f
SHA512

8b3be98fe15db6d15af13a6022e9ab0613a9314d1a351b7c824bfcf174fe7836d91e517d1d9be5f573d8d0ce10f679bf937a8a9fad772697f5ae1e836409fa41
SSDEEP

24576:sIj+RS2Blc5B8RHOUe0u26loPX95epesmNY8XnQn6528POZqHW:s++RiB8RHju262P9cpesmNrX6yNH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc72ff9af642f90aed120dbd3c9c0ff0315b88f9badf6b59f55943252c7c366f

Files

bc72ff9af642f90aed120dbd3c9c0ff0315b88f9badf6b59f55943252c7c366f
.exe windows:4 windows x64 arch:x64

bcdb03ee8222d8fb75e62428fd387fb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

bcrypt

BCryptGenRandom

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCertificatesInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertOpenStore
CertVerifyCertificateChainPolicy

kernel32

DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwindEx
VirtualProtect
VirtualQuery
__C_specific_handler
AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CreateEventW
CreateFileMappingA
CreateFileW
CreateIoCompletionPort
CreateNamedPipeW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
CreateWaitableTimerExW
DeleteProcThreadAttributeList
DeviceIoControl
DuplicateHandle
ExitProcess
FormatMessageW
FreeEnvironmentStringsW
GetCommandLineW
GetComputerNameExW
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessIoCounters
GetProcessTimes
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemTimes
GetTickCount64
GetVolumeInformationW
GetWindowsDirectoryW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
InitializeProcThreadAttributeList
IsDebuggerPresent
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
MultiByteToWideChar
OpenProcess
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReadFileEx
ReadProcessMemory
ReleaseSRWLockExclusive
ReleaseSRWLockShared
SetConsoleMode
SetConsoleTextAttribute
SetFileCompletionNotificationModes
SetFileInformationByHandle
SetFilePointerEx
SetHandleInformation
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
UpdateProcThreadAttribute
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
WriteConsoleW
WriteFileEx

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-private-l1-1-0

memcmp
memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_exit
_fpreset
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite

api-ms-win-crt-string-l1-1-0

memset
strlen
strncmp
wcslen

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

ntdll

NtCancelIoFileEx
NtCreateFile
NtDeviceIoControlFile
NtQueryInformationProcess
NtQuerySystemInformation
NtReadFile
NtWriteFile
RtlCaptureContext
RtlGetVersion
RtlLookupFunctionEntry
RtlNtStatusToDosError
RtlVirtualUnwind

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

user32

ShowWindow

advapi32

GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SystemFunction036

iphlpapi

FreeMibTable
GetIfEntry2
GetIfTable2

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups

oleaut32

SysAllocString
SysFreeString
VariantClear

pdh

PdhAddEnglishCounterW
PdhCloseQuery
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhRemoveCounter

powrprof

CallNtPowerInformation

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA
GetModuleFileNameExW
GetPerformanceInfo

secur32

AcceptSecurityContext
AcquireCredentialsHandleA
ApplyControlToken
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
QueryContextAttributesW

shell32

CommandLineToArgvW

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASend
WSASocketW
WSAStartup
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
recv
send
setsockopt
shutdown

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcdb03ee8222d8fb75e62428fd387fb3

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

crypt32

kernel32

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

ntdll

ole32

user32

advapi32

iphlpapi

netapi32

oleaut32

pdh

powrprof

psapi

secur32

shell32

ws2_32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.data Size: 1024B - Virtual size: 656B

.rdata Size: 434KB - Virtual size: 433KB

.pdata Size: 28KB - Virtual size: 28KB

.xdata Size: 39KB - Virtual size: 39KB

.bss Size: - Virtual size: 832B

.idata Size: 11KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 1024B - Virtual size: 656B

.rdata
Size: 434KB - Virtual size: 433KB

.pdata
Size: 28KB - Virtual size: 28KB

.xdata
Size: 39KB - Virtual size: 39KB

.bss
Size: - Virtual size: 832B

.idata
Size: 11KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB