8a48923529c50349d565eb2fc7dd55e5d2a5660956fd70575a3dd3ee6f1e01da

Sharing

Copy URL Twitter E-mail

General

Target

8a48923529c50349d565eb2fc7dd55e5d2a5660956fd70575a3dd3ee6f1e01da
Size

158KB
MD5

c0d3dcb9050d245e01e6d855609d19fa
SHA1

c4f4eac92a063f96412f6b913486b45cb3dd2d54
SHA256

8a48923529c50349d565eb2fc7dd55e5d2a5660956fd70575a3dd3ee6f1e01da
SHA512

becad021a185af6165f9eca36c29c40dc6c05b75426f93956b409b6a53561ba497da57b129ce35582e4c40a862f7f3855fc86c03d8236b9122fa019ad6fabad1
SSDEEP

3072:Spkwz4Dqf1XTZ1J2JgCIbi1A4vIugdsbCtXigKsJfUtV:SeqN3UgtbEEdsbCtSg9f8V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a48923529c50349d565eb2fc7dd55e5d2a5660956fd70575a3dd3ee6f1e01da

Files

8a48923529c50349d565eb2fc7dd55e5d2a5660956fd70575a3dd3ee6f1e01da
.dll windows:4 windows x86 arch:x86

2bfa1336f29650ef347eb30fb86065a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\hips_v1.0_fix_compile\basic\Output\release\BDMUpdate.pdb

Imports

bdmbase

��E�ǀ�
+��
CloseZip
ZipExtract
CreateZip
?BDMTSCreateDir@BDMMisc@@YAHPB_W@Z
BDMIsDirectoryExist
BDMIsFileExist
_BDMGetFileMD5_2@8

bdmstringutils

?s_Null@CFormatArg@BDMStringUtils@@2V12@A
?GetSystemDirectory_DLL@BDMStringUtils@@YA_NPA_WH@Z
?GetWindowsDirectory_DLL@BDMStringUtils@@YA_NPA_WH@Z
?FormatStdString_DLL@BDMStringUtils@@YA_NPA_WPAKPB_WABVCFormatArg@1@333333333@Z

kernel32

FindFirstFileW
TerminateProcess
GetFileAttributesW
Process32NextW
GetLastError
DeleteFileW
Thread32First
GetModuleFileNameW
GetModuleHandleW
CreateFileW
SetFilePointer
ReadFile
]�uǆ�
2��?
�9Erǆ�
��u�ωE؉]�� a��eE��u��U��
FreeLibrary
lstrcmpiW
OpenProcess
GetProcAddress
CloseHandle
Sleep
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
GetTickCount
RemoveDirectoryW
Thread32Next
FindClose
CompareFileTime
SetLastError
FindNextFileW
GetThreadTimes
MoveFileExW
OpenThread
Process32FirstW
CreateToolhelp32Snapshot
ExpandEnvironmentStringsW
CopyFileW
��u��U��
��u�ωE��
��]��]��E�P�u��E��
LoadLibraryW
�E�u3��E�+E�S��P�M��j�E�PS�M��(��P��
��j�E�PS�M��(��P��
(��P��
j�E�Pj�M��P��
��P��
3�9]�t,�E�+E�;�s"W�M��E�GP�M��M� �G��9]�u3��E�+E�j��WSSW�M�Q�5��<�M��u��u�SPS��
�;�s"W�M��E�GP�M��M� �G��9]�u3��E�+E�j��WSSW�M�Q�5��<�M��u��u�SPS��
GP�M��M� �G��9]�u3��E�+E�j��WSSW�M�Q�5��<�M��u��u�SPS��
��E�+E�j��WSSW�M�Q�5��<�M��u��u�SPS��
�<�M��u��u�SPS��
MultiByteToWideChar

user32

PostThreadMessageW
FindWindowExW
wsprintfW

advapi32

CreateProcessAsUserW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
ControlService
OpenProcessToken
RegCreateKeyExW
DuplicateTokenEx
RegCloseKey
AdjustTokenPrivileges
RegDeleteValueW
LookupPrivilegeValueW
GetTokenInformation

shell32

ShellExecuteW

��

?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std�E��j ��<�E�興��ǆ�
E�興��ǆ�
��P��D��P��3�P�}��6��hx3P�E�P�E�� Wj��g��Wj��E��g��5�v<�E�P��|��uW�/
��5�v<�E�P��|��uW�/
�GWP��H
��G�Ћ��
��f
�^��ˉ�P��z��ˉ�<��^��ˉ�T��d��ˉ�\��~��ˉ�@��0��ˉ�8��<
��@��0��ˉ�8��<
�
��CSP�M��E
��
�p��d��P�M��E�軕��*��]��t��W��H��PS��x��M��P�
��t��W��H��PS��x��M��P�
��M��E�j_3��9�|��u3�� E�+�|��j��WSSW�M�Q�5��<��x��5�v<�5�v<SPS�z��
<SPS�z��
��Sj�M��b��$��D��ǀ�
��
�P��V�RQ�U�
]��i��M��t�M��5��2��D
RPSQS�M��P�E苈�
�c��PVS�M��X��P�b��M��J��E��h�
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
M��M��b��j��
�E�ǀ�
uǆ�
�ω�d��
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z

��eĉ}��}��}��e��e�wp�m��fvp�m��?

tǃ�
2��OB
�
Eĉ}��}��}��E��E�WP�M��FVP�M��?
��E��E�WP�M��FVP�M��?
E�WP�M��FVP�M��?
M��?
FVP��L��?
��?
�q��
M��L��M��l��7��E��}��}��}��E�P�M��E��h$��u��u�j��l��PV�M��P�e�
��l��7��E��}��}��}��E�P�M��E��h$��u��u�j��l��PV�M��P�e�
��E��}��}��}��E�P�M��E��h$��u��u�j��l��PV�M��P�e�
}��}��E�P�M��E��h$��u��u�j��l��PV�M��P�e�
��h$��u��u�j��l��PV�M��P�e�
��u�j��l��PV�M��P�e�
��P�e�
P�M��P�J�
�9}�t-�E�+E�;�s#S�M��m��E��DP�M��]��M�� C�΍M��E��M��N��E��]��9}�u�}�� E�+E��Ečs��ΉE��U��j��VWWV�M�Q�5��<3�E�M�QPW�učM�W��
�E��M��N��E��]��9}�u�}�� E�+E��Ečs��ΉE��U��j��VWWV�M�Q�5��<3�E�M�QPW�učM�W��
��9}�u�}�� E�+E��Ečs��ΉE��U��j��VWWV�M�Q�5��<3�E�M�QPW�učM�W��
�P�E�P�I�
��|��P�E�P�Z�
P�E�P�n�
�
��P�E�P��
E�P��
�
��{
�E�P��
�<��
�jj�WWj��M�Q�5��<��
��P�E�P��
�E�P��
�
p��P�E�P��
E�P��
�
��d��P�E�P��
P�
��j��h��P�E�P�"
E��ΉE��Ή�x��t��j��h��P�E�P�"
��Ή�p��*��Ή�`��Q
��y��Ή�\��Ή�p��*��Ή�`��Q
�s��Ή�d��y��Ή�\��Ή�p��*��Ή�`��Q
��Ή�|��s��Ή�d��y��Ή�\��Ή�p��*��Ή�`��Q
Ή�h��Ή�|��s��Ή�d��y��Ή�\��Ή�p��*��Ή�`��Q
��Ή�h��Ή�|��s��Ή�d��y��Ή�\��Ή�p��*��Ή�`��Q
�E�P�E�P�;�

��

M�Q�5��<3�E�M�QPW�učM�W��
čM�W��
�U��j��VWWV�M�Q�5��<3�E�M�QPW�učM�W��

�

�t�M�ǃ�
��4��K�M��j��
�
<��T��Vj�WjP��X��

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bfa1336f29650ef347eb30fb86065a6

Headers

File Characteristics

PDB Paths

Imports

bdmbase

bdmstringutils

kernel32

user32

advapi32

shell32

����

�����������eĉ}��}��}����e������e�wp�m�������fvp�m���?

���

�

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 9KB

��

��eĉ}��}��}��e��e�wp�m��fvp�m��?

��

�

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 9KB