bc1f7ec9736f12281a57e3e1ee887850e1a373037ba39ff0589c6c50545dc485[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

bc1f7ec9736f12281a57e3e1ee887850e1a373037ba39ff0589c6c50545dc485.exe
Size

500KB
MD5

c305d08cfc38341a1fce23431acee53b
SHA1

b005bac124adcebd00f53aa4988ed9ea401ba259
SHA256

bc1f7ec9736f12281a57e3e1ee887850e1a373037ba39ff0589c6c50545dc485
SHA512

af0552ae3b98b56df7ed79e37ef653b07d6cc2b57867db1f17cbf2338331c6c51f8b3ef4b4c4e46363cd900316d4ed7b8096e39db95b6365bceed7987455b855
SSDEEP

6144:qOo38WEb75jw+0/hbW9/wBxKytmzisgiXk1gY5J:qUHbRw+0/haI88Hsu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc1f7ec9736f12281a57e3e1ee887850e1a373037ba39ff0589c6c50545dc485.exe

Files

bc1f7ec9736f12281a57e3e1ee887850e1a373037ba39ff0589c6c50545dc485.exe
.exe windows:6 windows x64 arch:x64

3901bd8eb1c7dece9b0e2e3926a7f3a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcpyA
lstrcpyW
lstrcatW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
CreateFileA
DefineDosDeviceW
GetDriveTypeW
GetLogicalDrives
AreFileApisANSI
SetFileApisToANSI
IsDebuggerPresent
DecodeSystemPointer
GetErrorMode
GetThreadErrorMode
IsThreadAFiber
HeapAlloc
HeapFree
GetProcessHeap
DeviceIoControl
SetEvent
CreateMutexA
CreateMutexW
CreateEventW
Sleep
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
ExitProcess
TerminateProcess
SwitchToThread
GetCurrentThread
GetCurrentThreadId
TlsAlloc
FlushProcessWriteBuffers
OpenProcess
GetCurrentProcessorNumber
GetSystemTimes
GetVersion
GetTickCount64
VirtualAlloc
CreateTimerQueue
CreateThreadpoolCleanupGroup
DisableThreadLibraryCalls
ExitThread
ConvertFiberToThread
IsSystemResumeAutomatic
DebugSetProcessKillOnExit
GlobalDeleteAtom
GetCommConfig
EraseTape
GetSystemDEPPolicy
lstrcmpiW
lstrlenA
lstrlenW
FindAtomA
FileTimeToSystemTime
WTSGetActiveConsoleSessionId
GetActiveProcessorGroupCount
GetMaximumProcessorGroupCount
UnregisterApplicationRecoveryCallback
UnregisterApplicationRestart
GetACP
GetOEMCP
GetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemDefaultLCID
GetUserDefaultLCID
GetThreadUILanguage
FreeConsole
GetConsoleCP
GetConsoleWindow
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RaiseException
WriteConsoleW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
ReadConsoleW
GetConsoleMode
HeapReAlloc
HeapSize
GetLargePageMinimum
GetTickCount
CreateThread
WaitForSingleObject
SetErrorMode
GetLastError
CloseHandle
WriteFile
SetFilePointer
SetFileAttributesW
ReadFile
FindNextFileW
LCMapStringW
GetStringTypeW
FindFirstFileW
FindClose
LoadLibraryA
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
GetCPInfo
IsValidCodePage
FindFirstFileExW
GetFileType
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleExW

user32

CharUpperBuffW
GetFocus
CharUpperW
CloseClipboard
wsprintfW
FindWindowA
GetDesktopWindow
GetForegroundWindow

gdi32

SetDIBits

advapi32

CryptAcquireContextW
OpenProcessToken
DuplicateTokenEx
SetServiceStatus
RegisterServiceCtrlHandlerW
CryptEncrypt
RegDisablePredefinedCacheEx
LookupAccountSidW
GetTokenInformation

shell32

SHGetSpecialFolderPathW

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

shlwapi

StrStrW
PathFindFileNameW

crypt32

CryptImportPublicKeyInfo
CryptDecodeObjectEx
CryptStringToBinaryA

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW

rstrtmgr

RmGetList
RmStartSession
RmShutdown
RmRestart
RmEndSession
RmRegisterResources

Sections

.text
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3901bd8eb1c7dece9b0e2e3926a7f3a2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

mpr

shlwapi

crypt32

wtsapi32

rstrtmgr

Sections

.text Size: 449KB - Virtual size: 448KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 3KB - Virtual size: 15KB

.pdata Size: 4KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 160B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 449KB - Virtual size: 448KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 3KB - Virtual size: 15KB

.pdata
Size: 4KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 160B

.rsrc
Size: 512B - Virtual size: 480B