Static task: static1
Behavioral task: behavioral1
  Sample: bbf358eff5da6238a418e03ddff67706c3a9c5d00d0646dfbdb6a18107fa8f42.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: bbf358eff5da6238a418e03ddff67706c3a9c5d00d0646dfbdb6a18107fa8f42.exe
  Resource: win10v2004-20240508-en
General
Target: bbf358eff5da6238a418e03ddff67706c3a9c5d00d0646dfbdb6a18107fa8f42
Size: 511KB
MD5: e175eea6c53bec806397170aede22f2a
SHA1: b98f51a90557694a2d95881b05798c665db3342d
SHA256: bbf358eff5da6238a418e03ddff67706c3a9c5d00d0646dfbdb6a18107fa8f42
SHA512: 0b4a5c13b35f672a796188e271525a781f31fe3c45cbf8a939ce22f522b07446253773a21b55a607661d30e6b25ae63f4166c3f4f0d407219feceedb6f01b20d
SSDEEP: 12288:SJiqKc2e5NK8eDpIaG7dWMBIA7gMDUPe6sR2KRE7veKp:Hq12e5NKhDpCWMedMDUGTR7E7WKp
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: bbf358eff5da6238a418e03ddff67706c3a9c5d00d0646dfbdb6a18107fa8f42
Files
-
bbf358eff5da6238a418e03ddff67706c3a9c5d00d0646dfbdb6a18107fa8f42.exe windows:5 windows x86 arch:x86
5d53b4e291fe2d30882a611efe532ba5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
GetCurrentProcessId
GlobalFree
CreateDirectoryW
GetTickCount
Sleep
TerminateProcess
GetConsoleCP
HeapSize
WriteFile
FormatMessageW
ExpandEnvironmentStringsW
LocalFree
SetPriorityClass
GetCurrentProcess
WaitForSingleObject
GetModuleFileNameA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
OutputDebugStringW
CreateFileW
CreateMutexW
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
MoveFileExW
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
DeviceIoControl
FreeEnvironmentStringsW
ExitProcess
GetModuleHandleA
OutputDebugStringA
DeleteFileA
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
GetLocalTime
WTSGetActiveConsoleSessionId
SetEnvironmentVariableA
GetCPInfo
CompareStringW
GetProcessHeap
SetEndOfFile
CreateFileA
SetStdHandle
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetFilePointer
ReadFile
FlushFileBuffers
GetLocaleInfoW
GetTimeZoneInformation
GetLastError
DeleteFileW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
DeleteCriticalSection
EncodePointer
DecodePointer
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
FindFirstFileExW
FindNextFileW
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetSystemTimeAsFileTime
HeapAlloc
WriteConsoleW
GetFileType
GetStdHandle
RaiseException
RtlUnwind
GetConsoleMode
user32
MessageBoxA
wsprintfW
advapi32
DuplicateTokenEx
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
OpenProcessToken
AllocateAndInitializeSid
SetTokenInformation
GetLengthSid
FreeSid
CreateProcessAsUserW
shell32
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderLocation
ord155
ole32
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity
shlwapi
SHRegGetValueW
psapi
GetModuleBaseNameA
wintrust
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
winhttp
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetOption
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpOpen
WinHttpQueryHeaders
iphlpapi
GetAdaptersInfo
oleaut32
SysAllocString
SysFreeString
VariantInit
VariantClear
wtsapi32
WTSQueryUserToken
Sections
.text   Size: 250KB  Virtual size: 250KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 49KB   Virtual size: 48KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 8KB    Virtual size: 19KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 159KB  Virtual size: 158KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 37KB   Virtual size: 36KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ