PDB path embedded in the binary: S:\codegit\SetupBkavPro\BkavTemporaryUninstaller\BkavUninstaller\Release\BkavUnst.pdb (the build-machine path names a Bkav uninstaller project; treat it as an unverified self-description, since this string is trivially forged and the file carries no Authenticode signature, see Signatures below)
Sample
5744f39bd81e200395ee9f9dd4b13befb71197a0fb9cadc7163803b5d9a94afb.exe
Resource
win7-20240221-en
General
-
Target
5744f39bd81e200395ee9f9dd4b13befb71197a0fb9cadc7163803b5d9a94afb
-
Size
4.3MB
-
MD5
70aeafe4eb901ee040eb4a15196b4aa8
-
SHA1
3c0b9b13495c0475c3bec4ba7e9a4dced77f99c1
-
SHA256
5744f39bd81e200395ee9f9dd4b13befb71197a0fb9cadc7163803b5d9a94afb
-
SHA512
cfd2d8bd90bb532f1891583117eae7e4adf8dd89182e2a0335eca80f7643b30672959e47a98ba9d89ed0d102de6ded480887550b9bb9381f39389ab789abf3e1
-
SSDEEP
49152:+KKxeyjA45RD50kBSbxR+DOblWylRrlV/cu5UZLikDepLNiXicJFFRGNzj3:WEyj90kBSbxR+DObf+Av7wRGpj3
Malware Config
Signatures
-
Unsigned PE — 1 IoC
The file has no Authenticode signature (the check found no signature to verify). An unsigned binary cannot be tied to the publisher its PDB path and resources claim, so identify it by hash only and establish provenance out-of-band before trusting or executing it.
resource 5744f39bd81e200395ee9f9dd4b13befb71197a0fb9cadc7163803b5d9a94afb
Files
-
5744f39bd81e200395ee9f9dd4b13befb71197a0fb9cadc7163803b5d9a94afb.exe windows:5 windows x86 arch:x86
9b6b9f990cfac4593fa2132c06f4a865 (unlabeled 32-hex digest on the file line; it differs from the MD5 above, so it is presumably the import hash — confirm against the report's field before pivoting on it)
Headers
DLL Characteristics (as listed, NX_COMPAT is set but IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not, so the image does not opt into ASLR despite carrying a .reloc section)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports (notable for triage: advapi32 token/privilege and service-control APIs, kernel32 process enumeration/termination plus DeviceIoControl, registry key/value deletion, and user32 ExitWindowsEx — consistent with a privileged uninstaller, but the same set is what a tamper tool would use, so confirm intent from the behavioral task rather than from the import table alone)
kernel32
FileTimeToLocalFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetEnvironmentVariableA
CreateFileA
GetProcessHeap
GetConsoleOutputCP
WriteConsoleA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetDateFormatA
GetTimeFormatA
HeapReAlloc
HeapSize
HeapAlloc
LCMapStringW
GetTimeZoneInformation
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
GetFileType
WriteConsoleW
GetStdHandle
DebugBreak
GetSystemTimeAsFileTime
GetModuleFileNameA
RaiseException
ExitThread
ExitProcess
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadReadPtr
HeapValidate
VirtualQuery
GetSystemInfo
VirtualAlloc
GetStartupInfoW
FindResourceExW
SearchPathW
GetFileTime
GetFileSizeEx
FileTimeToSystemTime
GetProfileIntW
VirtualProtect
lstrcpyW
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalFlags
SetErrorMode
InterlockedIncrement
InterlockedDecrement
GlobalReAlloc
GetFileAttributesW
GetAtomNameW
lstrlenA
GetThreadLocale
GetFullPathNameW
OpenEventA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
GetHandleInformation
CompareStringW
LoadLibraryA
GlobalGetAtomNameW
GlobalFindAtomW
GetVersionExA
GetModuleHandleA
ResumeThread
SetThreadPriority
MulDiv
GlobalSize
FormatMessageW
GlobalUnlock
SetLastError
GetCurrentProcessId
GlobalAddAtomW
SetEvent
WritePrivateProfileStringW
GetPrivateProfileIntW
FreeResource
GlobalFree
CompareStringA
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
GetLocaleInfoW
ConvertDefaultLocale
EnumResourceLanguagesW
SetFilePointer
WriteFile
ReleaseMutex
CreateMutexW
MultiByteToWideChar
OutputDebugStringA
ExpandEnvironmentStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
Sleep
GetExitCodeThread
CopyFileW
CreateProcessW
LocalFree
GetCurrentDirectoryW
DeviceIoControl
GetLastError
ReadFile
GetDriveTypeW
GetLogicalDriveStringsW
GetLogicalDrives
CreateThread
GetLongPathNameW
GetSystemWow64DirectoryW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetVersionExW
lstrcpynW
lstrlenW
GetTempFileNameW
GetTickCount
GetTempPathW
MoveFileExW
DeleteFileW
SetFileAttributesW
RemoveDirectoryW
GetFileSize
CreateFileW
FindNextFileW
FindClose
FindFirstFileW
WideCharToMultiByte
MoveFileW
GetLocalTime
CreateDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedExchange
GetSystemTime
EnterCriticalSection
LeaveCriticalSection
GetExitCodeProcess
WaitForSingleObject
CloseHandle
GetCurrentProcess
OutputDebugStringW
GetCommandLineW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
LoadLibraryExW
GetVolumeInformationW
user32
GetSysColor
ShowWindow
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
CheckDlgButton
GetWindowTextLengthW
SetFocus
LoadMenuW
ModifyMenuW
InsertMenuItemW
GetMenuItemInfoW
GetMenuDefaultItem
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
DeleteMenu
CreatePopupMenu
CreateMenu
GrayStringW
DrawTextExW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateW
DrawIcon
FrameRect
FillRect
GetSysColorBrush
LoadCursorW
PostThreadMessageW
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
GetForegroundWindow
SetForegroundWindow
OpenClipboard
WindowFromPoint
SetParent
IsChild
GetTopWindow
ShowScrollBar
GetNextDlgTabItem
GetNextDlgGroupItem
SetCapture
GetCapture
KillTimer
SetTimer
GetWindowPlacement
EnableScrollBar
RedrawWindow
LockWindowUpdate
CharUpperW
IsWindowVisible
InvalidateRgn
CreateWindowExW
GetUpdateRect
UpdateWindow
ReleaseDC
GetWindowDC
GetDC
EndPaint
BeginPaint
ScreenToClient
ClientToScreen
MapWindowPoints
GetClientRect
GetWindowRect
BringWindowToTop
GetWindowRgn
SetWindowRgn
IsZoomed
CopyImage
SetClipboardData
CloseClipboard
EmptyClipboard
IsIconic
ReleaseCapture
WaitMessage
LoadAcceleratorsW
DestroyMenu
GetSystemMetrics
GetSystemMenu
DrawMenuBar
MapVirtualKeyW
GetKeyNameTextW
RemoveMenu
IsMenu
GetMenuItemCount
GetSubMenu
GetMenuState
GetMenuStringW
AppendMenuW
InsertMenuW
GetMenuItemID
EndDialog
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
MessageBoxW
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetWindowThreadProcessId
SetCursor
CallNextHookEx
PeekMessageW
GetCursorPos
SetWindowsHookExW
ValidateRect
GetMessageW
TranslateMessage
DispatchMessageW
GetMenuCheckMarkDimensions
LoadBitmapW
SetMenuItemBitmaps
GetFocus
TabbedTextOutW
SystemParametersInfoA
IntersectRect
GetMessagePos
GetMessageTime
GetMenu
SetMenu
DefWindowProcW
RemovePropW
CallWindowProcW
GetPropW
UnhookWindowsHookEx
SetPropW
GetClassLongW
SetWindowPlacement
TrackPopupMenu
SetScrollInfo
GetScrollInfo
ScrollWindow
SendMessageW
IsWindow
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
GetParent
WinHelpW
SystemParametersInfoW
OffsetRect
MessageBeep
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
DeferWindowPos
EqualRect
AdjustWindowRectEx
SendDlgItemMessageA
RegisterClassW
GetClassInfoW
GetClassInfoExW
ExitWindowsEx
DrawTextW
SubtractRect
UnionRect
InflateRect
SetRect
PostMessageW
LoadIconW
DestroyIcon
LoadImageW
GetKeyState
GetClassNameW
GetWindowTextW
FindWindowExW
EnumWindows
PostQuitMessage
InvalidateRect
RegisterWindowMessageW
DestroyAcceleratorTable
CreateAcceleratorTableW
CopyAcceleratorTableW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
GetAsyncKeyState
NotifyWinEvent
EnumChildWindows
RegisterClipboardFormatW
SetClassLongW
CharNextW
SetRectEmpty
GetClipboardFormatNameA
GetClipboardFormatNameW
UnpackDDElParam
TranslateAcceleratorW
ReuseDDElParam
DrawIconEx
UnregisterClassW
SetCursorPos
UpdateLayeredWindow
IsCharLowerW
MapVirtualKeyExW
DefFrameProcW
TranslateMDISysAccel
DefMDIChildProcW
IsClipboardFormatAvailable
CharUpperBuffW
PtInRect
CopyIcon
IsRectEmpty
GetIconInfo
GetDoubleClickTime
DestroyCursor
ShowOwnedPopups
gdi32
OffsetRgn
GetRgnBox
PtInRegion
RealizePalette
GetBkColor
GetTextColor
GetMapMode
GetViewportOrgEx
GetViewportExtEx
GetWindowOrgEx
GetWindowExtEx
DPtoLP
LPtoDP
FillRgn
FrameRgn
PtVisible
RectVisible
Polyline
Ellipse
Polygon
Rectangle
RoundRect
PatBlt
BitBlt
StretchBlt
ExtFloodFill
TextOutW
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
Escape
GetBoundsRect
SetPixelV
GetNearestPaletteIndex
CombineRgn
SaveDC
RestoreDC
SelectPalette
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
ExtSelectClipRgn
GetDCOrgEx
GetDIBits
EnumFontFamiliesW
GetTextCharsetInfo
CreateDIBitmap
EnumFontFamiliesExW
GetSystemPaletteEntries
SetPaletteEntries
GetPaletteEntries
SetRectRgn
CreatePalette
CreateCompatibleBitmap
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
CreateRectRgnIndirect
CreateRectRgn
CreateFontW
CreateFontIndirectW
CreatePatternBrush
CreateHatchBrush
CreateSolidBrush
GetPixel
CreatePen
GetObjectType
GetStockObject
GetDeviceCaps
CopyMetaFileW
CreateBitmap
ExtTextOutW
DeleteObject
GetObjectW
CreateDIBSection
DeleteDC
SelectObject
SetPixel
CreateCompatibleDC
SetTextColor
SetDIBColorTable
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
CryptGetHashParam
CreateProcessAsUserW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceConfigW
QueryServiceStatusEx
ControlService
DeleteService
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
CreateServiceW
ChangeServiceConfig2W
StartServiceW
RegSetValueExW
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
RegQueryValueExW
RegOpenKeyExW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetThreadToken
RevertToSelf
OpenThreadToken
GetLengthSid
shell32
SHGetSpecialFolderPathW
ShellExecuteExW
ord190
ord155
SHGetFolderPathW
SHGetFileInfoW
SHGetPathFromIDListW
ShellExecuteW
DragQueryFileW
DragFinish
CommandLineToArgvW
SHAppBarMessage
SHBrowseForFolderW
comctl32
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathIsDirectoryW
PathFileExistsW
PathFindExtensionW
PathRemoveFileSpecW
StrStrIW
PathFindFileNameW
SHGetValueW
PathIsUNCW
PathStripToRootW
oledlg
OleUIBusyW
ole32
OleLockRunning
OleGetClipboard
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CoInitializeEx
StringFromGUID2
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
RegisterDragDrop
CreateStreamOnHGlobal
ReleaseStgMedium
CoTaskMemAlloc
StringFromCLSID
CoLockObjectExternal
CoRegisterMessageFilter
RevokeDragDrop
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoRevokeClassObject
CoTaskMemFree
OleDuplicateData
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoCreateInstance
CoInitialize
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoGetClassObject
oleaut32
VariantClear
VariantChangeType
VariantInit
OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
SysStringLen
VariantTimeToSystemTime
SysAllocStringLen
SysAllocString
SystemTimeToVariantTime
SysFreeString
gdiplus
GdiplusShutdown
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusStartup
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipSaveImageToFile
psapi
GetModuleFileNameExW
version
VerQueryValueW
GetFileVersionInfoW
imm32
ImmGetOpenStatus
ImmGetContext
ImmReleaseContext
winmm
PlaySoundW
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 776KB - Virtual size: 780KB (note: flagged EXECUTE and WRITE below, which is atypical for a relocation section — normally INITIALIZED_DATA|DISCARDABLE|READ only; worth checking whether the section was rewritten by a packer/protector or actually holds code)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE