bbf7bfe0741201246bfe1391f83bd56726510796ae6a45a593198eb7750c2c8e

Sharing

Copy URL

Twitter E-mail

General

Target

bbf7bfe0741201246bfe1391f83bd56726510796ae6a45a593198eb7750c2c8e
Size

14.1MB
MD5

2fe8c0a3561b47accc49e36259da8f6a
SHA1

16fa04a7bddd48d8b94284e4a907e72ff16ad874
SHA256

bbf7bfe0741201246bfe1391f83bd56726510796ae6a45a593198eb7750c2c8e
SHA512

5e18406e45c583a9c43db18644f75def8009864f0368b8cac7ee9325c2617061b5b9fe15db1eb4ba320367671d94042d7d2c5b2c4bbb3ff4debfe05df1316667
SSDEEP

98304:NmH8Zbvpe16G1juG1k7fgXDpTqhF22X0g1bZopRHSo0IzNfoj5//pVCyIoybmn/M:u248GQfaDQhF22Xo3HzzN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
bbf7bfe0741201246bfe1391f83bd56726510796ae6a45a593198eb7750c2c8e

Files

bbf7bfe0741201246bfe1391f83bd56726510796ae6a45a593198eb7750c2c8e
.exe windows:6 windows x64 arch:x64

c62d4a19dbfea236cc37715c3198843a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

app.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

kernel32

GetSystemTimeAsFileTime
RaiseException
InitializeSListHead
EncodePointer
IsDebuggerPresent
RtlPcToFileHeader
CreateMutexA
GetModuleHandleW
WaitForSingleObjectEx
GetTempPathW
GetFullPathNameW
RtlUnwindEx
CreateThread
WriteConsoleW
MultiByteToWideChar
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
ExitProcess
CancelIo
CreateEventW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
TlsAlloc
GetEnvironmentVariableW
CopyFileExW
TlsGetValue
Sleep
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
RemoveDirectoryW
DeleteFileW
SleepConditionVariableSRW
WakeAllConditionVariable
FindFirstFileW
AcquireSRWLockExclusive
GetCurrentThreadId
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryW
LCIDToLocaleName
GetUserDefaultUILanguage
FormatMessageW
WaitForSingleObject
FreeLibrary
LoadLibraryA
ReleaseMutex
CreateMutexW
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
GetTimeZoneInformationForYear
GetModuleHandleA
SetFileTime
GetUserDefaultLocaleName
lstrlenW
TlsSetValue
CreateDirectoryW
GetFileInformationByHandleEx
CreateFileW
FindClose
FindNextFileW
CloseHandle
GetSystemInfo
GetCurrentThread
GetProcAddress
HeapReAlloc
GetSystemTimePreciseAsFileTime
QueryPerformanceFrequency
TerminateProcess
GetExitCodeProcess
SleepEx
WriteFileEx
GetCurrentProcessId
GetStdHandle
SetHandleInformation
SetFilePointerEx
DuplicateHandle
GetCurrentProcess
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
QueryPerformanceCounter
SetWaitableTimer
CreateIoCompletionPort
CreateWaitableTimerExW
GetQueuedCompletionStatusEx
SwitchToThread
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
SetThreadStackGuarantee
AddVectoredExceptionHandler
SetFileCompletionNotificationModes
GetFileInformationByHandle
GetConsoleMode
SetFileAttributesW
MoveFileExW
CompareStringOrdinal
DeleteProcThreadAttributeList
FreeEnvironmentStringsW
TlsFree

user32

TrackMouseEvent
DispatchMessageA
MonitorFromRect
SetCursor
GetMessageA
ScreenToClient
ToUnicodeEx
GetKeyboardLayout
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
GetRawInputData
CloseTouchInputHandle
SystemParametersInfoA
PostQuitMessage
CreateAcceleratorTableW
AppendMenuW
GetWindowLongW
SetMenuItemInfoW
CreateIcon
IsProcessDPIAware
GetUpdateRect
PeekMessageW
GetDC
PostThreadMessageW
GetTouchInputInfo
ValidateRect
MonitorFromWindow
DestroyWindow
RegisterTouchWindow
GetMonitorInfoW
GetSystemMetrics
LoadCursorW
IsWindowVisible
AdjustWindowRectEx
GetWindowRect
SendInput
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
DestroyAcceleratorTable
DestroyIcon
SetWindowDisplayAffinity
GetMenu
ShowCursor
ClipCursor
GetClipCursor
SetWindowLongW
GetSystemMenu
ShowWindow
CheckMenuItem
EnableMenuItem
SetCapture
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterWindowMessageA
IsWindow
CreateWindowExW
EnumChildWindows
GetForegroundWindow
GetActiveWindow
SetCursorPos
InvalidateRgn
SetWindowPos
ClientToScreen
ReleaseCapture
GetCursorPos
IsIconic
SetMenu
RedrawWindow
PostMessageW
GetClientRect
CreateMenu
GetWindowLongPtrW
SetWindowLongPtrW
SendMessageW
RegisterClassExW
FindWindowW
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DefWindowProcW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

ole32

CoInitializeEx
RevokeDragDrop
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
RegisterDragDrop
CreateStreamOnHGlobal
CoCreateInstance
OleInitialize

advapi32

RegQueryValueExW
RegCloseKey
SystemFunction036
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegOpenKeyExW

comctl32

SetWindowSubclass
DefSubclassProc
TaskDialogIndirect
RemoveWindowSubclass

shell32

SHAppBarMessage
DragFinish
ShellExecuteW
DragQueryFileW
SHGetKnownFolderPath
SHCreateItemFromParsingName

oleaut32

GetErrorInfo
SysFreeString
SetErrorInfo
SysStringLen

uxtheme

SetWindowTheme

ntdll

NtWriteFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtReadFile
NtCreateFile

bcrypt

BCryptGenRandom

secur32

InitializeSecurityContextW
FreeContextBuffer
EncryptMessage
QueryContextAttributesW
AcceptSecurityContext
ApplyControlToken
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
DecryptMessage

ws2_32

closesocket
getaddrinfo
getpeername
getsockname
WSAStartup
bind
connect
ioctlsocket
freeaddrinfo
getsockopt
shutdown
recv
send
WSASend
WSASocketW
setsockopt
WSAIoctl
WSAGetLastError
WSACleanup

crypt32

CertDuplicateStore
CertCloseStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertEnumCertificatesInStore

api-ms-win-crt-math-l1-1-0

ceil
floor
round
trunc
pow
roundf
exp2f
powf
truncf
__setusermatherr

api-ms-win-crt-string-l1-1-0

strlen
_wcsicmp
wcslen
wcsncmp
strcpy_s

api-ms-win-crt-heap-l1-1-0

_callnewh
free
_set_new_mode
malloc
calloc

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_initialize_narrow_environment
__p___argc
_seh_filter_exe
_get_initial_narrow_environment
abort
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initterm
_initterm_e
exit
_exit
__p___argv
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_c_exit
_cexit

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c62d4a19dbfea236cc37715c3198843a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

user32

gdi32

dwmapi

ole32

advapi32

comctl32

shell32

oleaut32

uxtheme

ntdll

bcrypt

secur32

ws2_32

crypt32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 8.8MB - Virtual size: 8.8MB

.rdata Size: 4.7MB - Virtual size: 4.7MB

.data Size: 17KB - Virtual size: 28KB

.pdata Size: 429KB - Virtual size: 428KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 64KB - Virtual size: 64KB

.text
Size: 8.8MB - Virtual size: 8.8MB

.rdata
Size: 4.7MB - Virtual size: 4.7MB

.data
Size: 17KB - Virtual size: 28KB

.pdata
Size: 429KB - Virtual size: 428KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 64KB - Virtual size: 64KB