bfc81833cd68891bd51424113c7a36c98ba849b1427c236d77e12cdf57f327af

Sharing

Copy URL Twitter E-mail

General

Target

bfc81833cd68891bd51424113c7a36c98ba849b1427c236d77e12cdf57f327af
Size

4.0MB
MD5

e60cfc11c90f46e5d2c282bf3a28262e
SHA1

29e7231dee2340bb5bf93fa083306b9b201422bf
SHA256

bfc81833cd68891bd51424113c7a36c98ba849b1427c236d77e12cdf57f327af
SHA512

0b199751f0590d49b9c79ca3c5528dba30404582a18c1e260511f29459efcee1341ce7e5b5e245d62d3b064c0758d2dfd5df897b002e8b65d82818be0fd9c2ce
SSDEEP

98304:hRvrWn43l5JvESLWkwHuTTcWTPtVFRUB2Z+e+DU/0vW5vqj:h8S9wOTcWTP3FRUR9DIv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfc81833cd68891bd51424113c7a36c98ba849b1427c236d77e12cdf57f327af

Files

bfc81833cd68891bd51424113c7a36c98ba849b1427c236d77e12cdf57f327af
.exe windows:5 windows x86 arch:x86

a79887b1fe5f003a63d9d419c9a044a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

VariantChangeType

advapi32

RegQueryValueExA

user32

GetScrollRange

kernel32

SetUnhandledExceptionFilter
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

gdi32

GetCurrentPositionEx

version

GetFileVersionInfoA

comctl32

ImageList_GetIconSize

ntdll

RtlAdjustPrivilege

Exports

Exports

H�C?�tBl4ħ��^8R��Z6��!�nJ7�z�N� [��)�|��޹��o8=��ŭ>��S��Mq!h��(l��8 �CK>�)��;��2�m�X�q5#z��XC<��e`�=��\}��s�qY�x�!#��|�`&f<�K��Q�X�KgbP�008n5�5��+O�V��%��eWs��| ��T��<ŏ��~�3��*H�1��Km'��շL��Hն��g#�~��?��b�$ `��k�a��8o��!"x��\VDEh��/��#�#98e2��*w'� ��+S�x��rg�3��Ǔ4+�� K�ړ��y��Y�x�S��G0�W��տ�oI'�9��U�kw�ߖ�6��R8e��}�H�j{W�o3f�q�M�_Na㱛W/��JWG��ѿ"^�W��ėn�;!�]|:'�9�+N��¦�E��>~ȕ�Z��3��oH�_��ǭ��ݰj$�װ��D��_��U8#�B��Qh�X�u&��<$9�K�c�}Z��~ɂ�{*m�L�YT�ڄ\Ö��4,�3�o�ހ��Y�W5�H�� G�%�G��'�a�b|č�9�bt��_��_��L� B�rz_<E+-��Z�%^�E]�"�r��>K��K�zsH�|E�f��/� ��2�]��@C�k-ru{�/#�w�ɡC��a�*�e(1�'�n�&_iY��"ge75��M8��Sb�&.�t�� HN9 �z|��ٙ f�9s��;J��2�%��P;G�/?��I��T[�O� �"��_n/E8�[0s��.~��W�0��0Io�0d��֥a��vB7�*:ː�V��oh��R��Q�\�ۻ,��<�Û�R��=�#��<�&ΆdH��$�Q>�~7�ex��k^��A� ��%�U��N͆��Q��%��rUQ� A��!(��E��W�{u� ��4��<fu�̬��n�cOA�j��k@R��`��4�Â��ۄ��&��g+��ez�T��z��;Q��z��L�<��Pg{l��N] P��L��R�[$!�ѥ� ߺZ\��#��p�� <M�m��Xt�θ�{d˺�X�(�E��` �?��,jk��_��3��YSJHH��K��0U�L��R`�(>&0�,4B��ѺHxe�y1�R��B�_D�Gct��3)mLp�)��(5x2��8{&I��e�tdD7��Ji��X��é^<��Ћ@ �6��L�Ty(�K#��˽4ķɵ [��7��\�ݤ��b�F��K��z煜�T��L��t�.��A$��{u��M*� 5%�<C��ۧp�Z�W ��5��zªQ�J��}��E�^��bjRx'� ��B�NK㎪)ƻAfFM�h��AVӶ�O�x�]l�4��ԃ�Q�M��,o �+�h�d�R��2 �X�p�� ܬ��b�>z ��L"/��e�4eRh��>��!0�=b��O�c,S�L�/�ϒ]��%!��*i�Ȼ��B��JC�p��t_-in8!.�cƖ�/��}ǅ��^��OE9J�4P��sNl�y�㈉w��EIL��M�<��:�ř��R��E�� K�Kf;J�QI��/�� W ��N~��V&B�W��p0�{*��)��n�<��% ��_�B�ag��K��i�{��1z��1�6�%P9⸤��_i;+��*@؇��4tpH{�tTI��|�C�x`��5��DS��Tg��4��Y�� Э�)M�V��=�E��aP�z��K�q��|`�aas��y��B?�� H��a>�%+OM�4��`ؿ��n��'��F=��-��[��8&��p�Bz��Lo4��`��<��l]!�8�[�bb�� a�}��MXzFKЅ�G��!��eE�E�?�P_ax��u��Y��Cc_\�^��%�b�1�~�®�љ��m�O~6��-m�^z5n+r��I7&��x�w��)DK�i�q-��L�`7Lg}h�/��C��Yg�`݆>4=�Ț�-��d7�P��+!��\�˩�4�5;��AP�₍߭s�K��,�Qj��(͙`qT��Z:��U+Ke`g��IƢ&e��^��^�O9��G�Y�� ط;zH��e��O%݇�h7c��L8O-~��t�a�lM}@n)p.�/��:�~�� M��M�_�E��ƕțI�#��"M��O��M�FÏH��OM�;�f�%vKv��2�%x��Tj��z��o�>�2�yW�~��E�<�'�ϗ��|*%��;[�nu"�B��"-1��F��,��x�d��6[��J�׽s��2!K/E��<:�|U֡2?t�(m�6��o�ܿŬf��.�y��l띌}��4��@9>��<�y � =>4ܫ�$��cyU�G��aN�G{��g#Nps"V-�`L��<�,�X��Z\E�L��Z��E+��g��>�n��E��4�G��#�f�(�1��L��b�}e|W�G6)��x��$��ۤ�� c(56��?�� ЮMAd�X��4 ��@��\�ζQ��x��oBE�I�x8rƏ�\T�Y=��m��֪#�zg�ywl�K�6�| >�Vq?�5�(U��<�HsΎ_Kx�佳� ��%�A[$��*��Q5��5&~+䨿Lh�d{Fo�O�g�7�K��ډ��rS;@7ڋA�3?��S��3{$��O�#X\hV�D0Pk��(mX��>/��FFj� "�Y��/��g B:�:�~=�g^0��,��Ir�ia��"�R�KY;��]�FZj?>��hj��q

Sections

.text
Size: - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a79887b1fe5f003a63d9d419c9a044a0

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

comctl32

ntdll

Exports

Exports

Sections

.text Size: - Virtual size: 350KB

.itext Size: - Virtual size: 1KB

.data Size: - Virtual size: 6KB

.bss Size: - Virtual size: 19KB

.idata Size: - Virtual size: 9KB

.tls Size: - Virtual size: 56B

.rdata Size: - Virtual size: 24B

.vmp0 Size: - Virtual size: 3.8MB

.vmp1 Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 512B - Virtual size: 392B

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: - Virtual size: 350KB

.itext
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 6KB

.bss
Size: - Virtual size: 19KB

.idata
Size: - Virtual size: 9KB

.tls
Size: - Virtual size: 56B

.rdata
Size: - Virtual size: 24B

.vmp0
Size: - Virtual size: 3.8MB

.vmp1
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 512B - Virtual size: 392B

.rsrc
Size: 5KB - Virtual size: 4KB