BE_forcer[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

BE_forcer.7z
Size

241KB
MD5

ae870d70968c94dac07aa6a344d58ac3
SHA1

3cc6f4ca8d673abdac9215839e9ffa19813d625a
SHA256

63001b748f017ba2f656ab29f8e221ed7d24466761c4b627ce32327c067f95f6
SHA512

d04ceb560eb3ee09541d9e8a91c30aa5bc389cc3fa500a6ac9f2b97336bc35c9010d7db2ea58ec915c34f84b0e88b45c9bd6b90ba0ab9b11b7674987a9672d9e
SSDEEP

6144:P/8cDGqs80NT110EdJ4B45Eqyey/ZYvAQKpct:snhHTT0nB9qGRRQj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BE forcer/BE forcer.exe

Files

BE_forcer.7z
.7z

Password: 123
BE forcer/BE forcer.exe
.exe windows:6 windows x64 arch:x64

Password: 123

93a1a775e7a9a565087d1b4294acc483

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\BE-FORCER\BEST OBF\Project1\x64\Release\Project1.pdb

Imports

kernel32

ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
WideCharToMultiByte
GetLocaleInfoEx
GetFileType
FindFirstFileW
GetFileAttributesExW
FindClose
MultiByteToWideChar
FreeLibrary
WaitForSingleObjectEx
MoveFileExA
GetTickCount
QueryPerformanceCounter
VerifyVersionInfoA
LoadLibraryA
AreFileApisANSI
GetFileInformationByHandleEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
GetSystemDirectoryA
QueryPerformanceFrequency
VerSetConditionMask
GetEnvironmentVariableA
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
FormatMessageA
SetLastError
QueryFullProcessImageNameW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualProtect
CreateThread
DeleteCriticalSection
InitializeCriticalSectionEx
SetConsoleTextAttribute
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
CloseHandle
CheckRemoteDebuggerPresent
IsDebuggerPresent
Sleep
TerminateProcess
GetStdHandle
GetCurrentProcess
GetProcAddress
CreateFileW

msvcp140

_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z

normaliz

IdnToAscii

wldap32

ord30
ord217
ord143
ord200
ord46
ord79
ord35
ord211
ord33
ord32
ord27
ord26
ord60
ord22
ord41
ord50
ord45
ord301

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CertCloseStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CryptDecodeObjectEx
CertFreeCertificateChainEngine
CertGetCertificateChain
CertOpenStore
CertFreeCertificateChain

ws2_32

WSAStartup
recvfrom
WSAIoctl
sendto
closesocket
freeaddrinfo
send
WSASetLastError
accept
socket
ntohl
gethostname
recv
WSAGetLastError
getaddrinfo
select
htonl
setsockopt
__WSAFDIsSet
bind
connect
getpeername
ntohs
htons
getsockname
ioctlsocket
listen
getsockopt
WSACleanup

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
strstr
strrchr
strchr
memset
memcpy
memcmp
memchr
_CxxThrowException
__std_terminate
__std_exception_copy
__std_exception_destroy
__current_exception_context
memmove
__current_exception

api-ms-win-crt-runtime-l1-1-0

exit
strerror
__sys_nerr
_errno
system
_c_exit
__p___argv
__p___argc
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_resetstkoflw
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
terminate
_invalid_parameter_noinfo_noreturn
_getpid
_beginthreadex
_invalid_parameter_noinfo

api-ms-win-crt-stdio-l1-1-0

fflush
fclose
fgetc
fwrite
fgetpos
setvbuf
ungetc
fsetpos
fread
_fseeki64
_get_stream_buffer_pointers
fgets
_pclose
_popen
fopen
__acrt_iob_func
fputs
__stdio_common_vsscanf
feof
fseek
fputc
_open
_close
_write
_read
ftell
__p__commode
_set_fmode
_lseeki64
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_callnewh
_set_new_mode
calloc

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dclass

api-ms-win-crt-convert-l1-1-0

strtoul
strtoull
strtoll
strtod
strtol
atoi

api-ms-win-crt-filesystem-l1-1-0

_access
_unlink
_unlock_file
_fstat64
_stat64
_lock_file
remove

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
_configthreadlocale

api-ms-win-crt-string-l1-1-0

strcmp
strcspn
strpbrk
tolower
_strdup
strncmp
isupper
strspn
strncpy

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-utility-l1-1-0

qsort

user32

MessageBoxA

advapi32

GetTokenInformation
AddAccessAllowedAce
GetLengthSid
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
InitializeAcl
IsValidSid
OpenProcessToken

shell32

ShellExecuteA

Sections

.text
Size: 487KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BE forcer/KEYS.txt

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

93a1a775e7a9a565087d1b4294acc483

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

user32

advapi32

shell32

Sections

.text Size: 487KB - Virtual size: 487KB

.rdata Size: 114KB - Virtual size: 113KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 20KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 487KB - Virtual size: 487KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB