213dbf111ebb62c80e9d961d1cee6a07e5124e65e5ae19ed486a77ddfc642124

Sharing

Copy URL Twitter E-mail

General

Target

213dbf111ebb62c80e9d961d1cee6a07e5124e65e5ae19ed486a77ddfc642124
Size

218KB
MD5

67ba7eb0bdb6458200cc5f8b3b587b7d
SHA1

c7b6a49d5076e444824d000a6a87842c0bd98d93
SHA256

213dbf111ebb62c80e9d961d1cee6a07e5124e65e5ae19ed486a77ddfc642124
SHA512

dc28ee10c3942894c121ec7ed1e9d046544cba308adf12e47d801f23d4f6e107e73b8c418e0091444ead9f789112df247a16957dd38c65724fe91a6f72f9c244
SSDEEP

3072:E8gIN8VRPWL/NtQKNJLtsRWC5pfPzSSDgcIhU3kOV:E8/8VRP6Vft4fPL3lV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
213dbf111ebb62c80e9d961d1cee6a07e5124e65e5ae19ed486a77ddfc642124

Files

213dbf111ebb62c80e9d961d1cee6a07e5124e65e5ae19ed486a77ddfc642124
.exe windows:6 windows x86 arch:x86

9af9b5ebbbad2063fc7ab12343470082

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Technochroma\Documents\Visual Studio\bgi\bgi\Debug\bgi.pdb

Imports

kernel32

InitializeSListHead
GetCurrentThreadId
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateMutexA
SetEvent
FormatMessageA
LocalFree
CreateThread
WaitForMultipleObjects
CreateEventA
ResetEvent
GetLastError
Sleep
WriteFile
SetFilePointer
WaitForSingleObject
ReleaseMutex
CloseHandle
ReadFile
GetFileSize
CreateFileA
GlobalFree
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalAlloc

user32

GetDC
UpdateWindow
BeginPaint
EndPaint
SetWindowLongA
AppendMenuA
ReleaseDC
InvalidateRect
FillRect
GetWindowLongA
SetCursor
LoadCursorA
GetSystemMetrics
SendMessageA
UnregisterClassA
RegisterClassExA
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
ShowWindow
PostQuitMessage
CreateWindowExA
GetSystemMenu

gdi32

ExtCreatePen
SetROP2
SetBkColor
GetPixel
CreatePatternBrush
CreateHatchBrush
CreateBitmap
Polyline
Polygon
LPtoDP
DPtoLP
TextOutA
MoveToEx
EndPage
StartPage
EndDoc
StartDocA
SetTextColor
StretchBlt
SetPixelV
CreateFontA
SelectObject
SelectClipRgn
Rectangle
Pie
LineTo
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetBitmapBits
FloodFill
Ellipse
DeleteDC
CreateSolidBrush
CreateRectRgn
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
Arc
GetObjectA
SelectPalette
SetViewportOrgEx
GetTextExtentPoint32A
SetBitmapBits
CreatePalette
RealizePalette
CreateDIBitmap
SetTextAlign
DeleteObject
GetDeviceCaps
GetDIBits
GetStockObject
GetSystemPaletteEntries

comdlg32

GetOpenFileNameA
PrintDlgA
GetSaveFileNameA

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

msvcp140d

?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z

vcruntime140d

memcpy
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memset
memmove
__current_exception
__current_exception_context
_except_handler4_common
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
__std_type_info_destroy_list

ucrtbased

_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_CrtDbgReportW
strcpy_s
strcat_s
__stdio_common_vsprintf_s
terminate
_seh_filter_exe
_set_app_type
__setusermatherr
_get_narrow_winmain_command_line
_initterm
_initterm_e
_register_onexit_function
_set_fmode
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_free_dbg
_wmakepath_s
_wsplitpath_s
wcscpy_s
_controlfp_s
_initialize_onexit_table
strlen
strcat
_wassert
_CrtDbgReport
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
malloc
_callnewh
__stdio_common_vsprintf
sqrt
pow
fabs
toupper
tan
sin
cos
abs
_exit
exit
_invalid_parameter

Sections

.textbss
Size: - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9af9b5ebbbad2063fc7ab12343470082

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

msvcp140d

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 71KB

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 3KB - Virtual size: 4KB

.idata Size: 10KB - Virtual size: 10KB

.msvcjmc Size: 3KB - Virtual size: 3KB

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.textbss
Size: - Virtual size: 71KB

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 3KB - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 10KB

.msvcjmc
Size: 3KB - Virtual size: 3KB

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB