bcdffa6f6b8a623323c00cd4f0d3c4af938b4f69f80682380a62e4740c1ec90a

Sharing

Copy URL Twitter E-mail

General

Target

bcdffa6f6b8a623323c00cd4f0d3c4af938b4f69f80682380a62e4740c1ec90a
Size

3.3MB
MD5

11e48f4f6e7c03eb825ca5ddaef20a2e
SHA1

4982bbdda392f0402624a0442fb7c4aa190be606
SHA256

bcdffa6f6b8a623323c00cd4f0d3c4af938b4f69f80682380a62e4740c1ec90a
SHA512

2fd6842b826c4e5b6fc41cdd1fefe5a396d35544e3879bde236e9516cddcc64a0e8a0daeaefee0cfdddf2765cdb25c1d941634183f33ed9d64b1385eaeb7a2cf
SSDEEP

49152:A7Y7q1UGMX7FcLTuuQTZw4R6CdxmN9lG48mMO+TFXiqLjOQwxd1DKA1aDo4Dj9Ij:AS7FcLTufa4kKmN9lG48xO+TF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcdffa6f6b8a623323c00cd4f0d3c4af938b4f69f80682380a62e4740c1ec90a

Files

bcdffa6f6b8a623323c00cd4f0d3c4af938b4f69f80682380a62e4740c1ec90a
.exe windows:6 windows x86 arch:x86

b8ca0444f7999cc842a4e43a90885f35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetUserDefaultLCID
LoadLibraryW
GetProcAddress
FreeLibrary
CreateDirectoryW
ReadFile
GetCommandLineW
FindNextFileW
TerminateProcess
CreatePipe
PeekNamedPipe
OpenProcess
GlobalFlags
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCurrentProcessId
CreateProcessW
CopyFileW
VirtualQuery
GenerateConsoleCtrlEvent
GetExitCodeProcess
GetSystemTimeAsFileTime
VerSetConditionMask
VerifyVersionInfoW
lstrcmpiW
LoadLibraryExW
WriteConsoleW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindResourceW
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileType
EnumSystemLocalesW
IsValidLocale
WriteFile
GetStdHandle
GetCommandLineA
GetModuleHandleExW
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
LoadResource
FreeResource
SizeofResource
MulDiv
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
FormatMessageW
TerminateThread
SuspendThread
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableW
GetShortPathNameW
OpenEventW
GetLocalTime
GetTimeFormatW
GetDateFormatW
SetWaitableTimer
LockResource
CreateWaitableTimerW
GetCurrentProcess
SetFileAttributesW
ReadDirectoryChangesW
CreateFileW
MultiByteToWideChar
DeleteFileW
SetLastError
LeaveCriticalSection
GetCurrentThreadId
GetModuleHandleW
IsDebuggerPresent
ResumeThread
GetFileAttributesW
FindClose
FindFirstFileW
GetVolumeInformationW
GetModuleFileNameW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTickCount
GetTimeZoneInformation
WideCharToMultiByte
ResetEvent
ExitProcess
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSection
ReleaseSemaphore
PostQueuedCompletionStatus
CreateEventW
CreateIoCompletionPort
GetSystemInfo
CreateThread
GetQueuedCompletionStatus
SetEvent
SetThreadPriority
WaitForSingleObject
CloseHandle
CreateSemaphoreW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
GetOEMCP
HeapFree
SetEndOfFile

user32

SetCapture
ReleaseCapture
ModifyMenuW
GetMenu
GetMenuItemCount
DeleteMenu
CreatePopupMenu
TrackPopupMenu
GetSubMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
DestroyMenu
TranslateAcceleratorW
AppendMenuW
CreateMenu
GetCursorPos
MonitorFromWindow
SetActiveWindow
WaitForInputIdle
OpenClipboard
GetMonitorInfoW
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
EnumDisplaySettingsW
GetPropW
CreateWindowExW
RemovePropW
LoadStringW
SetPropW
DrawFocusRect
FrameRect
DrawStateW
CopyRect
OffsetRect
WindowFromPoint
FillRect
InflateRect
GetClassInfoExW
RegisterClassExW
IsWindowVisible
UnregisterClassW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetSystemMetrics
GetFocus
GetActiveWindow
GetDesktopWindow
MessageBoxW
IsWindow
SetFocus
GetWindowLongW
GetNextDlgTabItem
EndPaint
BeginPaint
IsRectEmpty
GetCapture
DestroyIcon
CharNextW
PostQuitMessage
GetDlgItem
RedrawWindow
FindWindowExW
IsIconic
IntersectRect
WinHelpW
SetMenu
EndDialog
GetTopWindow
IsZoomed
SetRect
MessageBeep
PtInRect
GetLastActivePopup
GetSystemMenu
SetWindowRgn
DrawIcon
IsDialogMessageW
GetDlgCtrlID
LoadIconW
LoadCursorW
LoadImageW
GetDC
GetWindowDC
GetClientRect
ReleaseDC
GetWindowThreadProcessId
PostMessageW
SetWindowPos
SetWindowLongW
InvalidateRect
ShowWindow
SetParent
MoveWindow
DestroyWindow
GetSysColor
DefWindowProcW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
IsWindowEnabled
EnableWindow
GetWindowRect
GetParent
ScreenToClient
CallWindowProcW
UpdateWindow
GetKeyState
SetCursor
GetWindow
AdjustWindowRectEx
DialogBoxParamW
ExitWindowsEx
MsgWaitForMultipleObjects
wsprintfW
GetClassNameW
EnumWindows
ShowWindowAsync
CloseWindow
GetAncestor
FindWindowW
SetDlgItemTextW
ClientToScreen
SendMessageW
DrawTextW
KillTimer
SetTimer
MessageBoxTimeoutW
IsChild

gdi32

SetBkColor
MoveToEx
CreatePen
LineTo
SetBkMode
SetTextColor
GetClipBox
PatBlt
CreateEllipticRgn
CreateRoundRectRgn
ExcludeClipRect
GetTextMetricsW
GetCurrentObject
CreateSolidBrush
Rectangle
CombineRgn
CreateRectRgn
RoundRect
ExtTextOutW
BitBlt
CreateCompatibleBitmap
SelectObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
GdiAlphaBlend
GetStockObject
GetDeviceCaps
DeleteDC
GetObjectW
SetStretchBltMode
Ellipse
DeleteObject
CreateFontIndirectW

comdlg32

GetOpenFileNameW

advapi32

RegEnumKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegQueryInfoKeyW
RegDeleteKeyW
OpenProcessToken
RegDeleteValueW
RegCloseKey

shell32

Shell_NotifyIconW
SHChangeNotify
ShellExecuteExW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CreateStreamOnHGlobal
OleRun
CLSIDFromString
CoInitialize
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoSetProxyBlanket

oleaut32

VarUI4FromStr
SystemTimeToVariantTime
LHashValOfNameSys
VariantTimeToSystemTime
LoadTypeLi
VariantCopyInd
VariantInit
RegisterTypeLi
SysAllocString
VariantCopy
VarCmp
VariantChangeType
VariantClear
SysFreeString

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
_TrackMouseEvent
ImageList_GetImageCount
ImageList_GetIcon
InitCommonControlsEx

bcrypt

BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptEncrypt
BCryptDecrypt

sqlite3

sqlite3_open_v2
sqlite3_shutdown
sqlite3_finalize
sqlite3_column_text
sqlite3_column_int
sqlite3_step
sqlite3_close_v2
sqlite3_exec
sqlite3_free
sqlite3_prepare_v2

libiconv

libiconv_close
libiconv_open
libiconv

vmprotectsdk32

VMProtectEnd
VMProtectBeginUltra

gdiplus

GdipGetImageHeight
GdipDeleteGraphics
GdipGetImagePalette
GdipSetCompositingMode
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipCloneImage
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipDisposeImage
GdipGetImagePixelFormat
GdipFree
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipAlloc

iphlpapi

GetAdaptersInfo

shlwapi

PathRemoveBlanksW
PathFindExtensionW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winhttp

WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpConnect
WinHttpSetStatusCallback
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpOpen
WinHttpOpenRequest

winmm

timeSetEvent
PlaySoundW
timeKillEvent

ws2_32

WSACleanup

Exports

Exports

?get_active_implementation@simdutf@@YAAAV?$atomic_ptr@$$CBVimplementation@simdutf@@@internal@1@XZ
?get_available_implementations@simdutf@@YAABVavailable_implementation_list@internal@1@XZ

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8ca0444f7999cc842a4e43a90885f35

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

bcrypt

sqlite3

libiconv

vmprotectsdk32

gdiplus

iphlpapi

shlwapi

version

winhttp

winmm

ws2_32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 365KB - Virtual size: 364KB

.data Size: 20KB - Virtual size: 31KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 109KB - Virtual size: 109KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 365KB - Virtual size: 364KB

.data
Size: 20KB - Virtual size: 31KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 109KB - Virtual size: 109KB