BFDIBranches[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

BFDIBranches.zip
Size

188.4MB
MD5

cf0ce27f5a26ed316fb5217d24aab7aa
SHA1

dcb06d6491f4e5cf600f230791e5aea1677287c8
SHA256

124e2f3bef8617a1204e64141f956af6b266e6e5b6cf74da26497e01b4943b9f
SHA512

526fc9aa4a307b2aa5a60a87e58ed36dfdf43d75e1c4e62e1b183db3ccda84fe52d675488fec7c930d27bb93d568a65d8f9ce01d8851ac012609dabc30f898d1
SSDEEP

3145728:/rchZR7THSXAtHbtFcu5xKA4iLXC+ZSv29Vvga04ErV6VtgmKZpOyUcAu73BIiFg:/uHHSXibf7KA4uXCAS8SzJh6VttKZpOb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BFDIBranches/bfdibranches.exe

Files

BFDIBranches.zip
.zip
BFDIBranches/bfdibranches.exe
.exe windows:6 windows x64 arch:x64

975da31942e8b6fb88a17a6471eec8e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeEndPeriod
midiInGetNumDevs
midiInGetDevCapsA
midiInGetErrorTextA
midiInOpen
midiInClose
midiInStart
midiInStop
midiInGetID
timeBeginPeriod

kernel32

LCIDToLocaleName
GetLocaleInfoEx
LoadLibraryA
GetLocaleInfoW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetEndOfFile
GetCurrentProcess
Sleep
WaitForSingleObject
QueryPerformanceFrequency
QueryPerformanceCounter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
HeapSize
HeapReAlloc
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetCommandLineA
WriteFile
MoveFileExW
RemoveDirectoryW
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitProcess
GetFileType
SetStdHandle
SetEnvironmentVariableA
RtlUnwind
RtlUnwindEx
InterlockedPushEntrySList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
PowerCreateRequest
CreateEventW
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
GetModuleHandleW
PowerClearRequest
InitOnceComplete
InitOnceBeginInitialize
AcquireSRWLockShared
ReleaseSRWLockShared
GetNativeSystemInfo
GetExitCodeThread
WaitForSingleObjectEx
GlobalLock
GlobalUnlock
GlobalSize
LoadLibraryW
SetPriorityClass
SetThreadPriority
GetCurrentThreadId
GetCurrentThread
SetLastError
OutputDebugStringA
K32GetPerformanceInfo
SetConsoleMode
SetConsoleCtrlHandler
ReadConsoleW
AttachConsole
GetUserDefaultUILanguage
MultiByteToWideChar
GetTimeZoneInformation
SystemTimeToFileTime
FormatMessageW
LoadLibraryExW
GetProcAddress
RaiseException
RtlPcToFileHeader
SleepConditionVariableSRW
WakeConditionVariable
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreatePipe
GetLastError
SetHandleInformation
CloseHandle
ReadFile
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
OpenProcess
CreateProcessW
GetCurrentProcessId
InitializeSRWLock
CompareStringOrdinal
FindFirstFileW
FindClose
CompareFileTime
SetEnvironmentVariableW
GetEnvironmentVariableW
GetExitCodeProcess
GetStdHandle
WideCharToMultiByte
LocalFree
PowerSetRequest
GetCommandLineW
GlobalAlloc
TerminateProcess
RtlCaptureContext
GetACP
FindNextFileW
GetFileAttributesW
GetFullPathNameW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
VirtualAlloc
VirtualFree
GetLargePageMinimum
GetSystemInfo
GetModuleFileNameA
SwitchToThread
CreateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetThreadIdealProcessor
SetThreadAffinityMask
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SetEvent
ResetEvent
CreateEventA
ReleaseMutex
CreateMutexA
HeapAlloc
HeapFree
GetProcessHeap
GetTickCount64
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindFirstFileExW
GetDiskFreeSpaceExA
GetLogicalDrives
GetTempFileNameW
GetVolumeInformationW
ReplaceFileW
SetFileAttributesW
WriteConsoleW

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
PropVariantClear

oleaut32

SysFreeString
VariantInit
SysAllocString

user32

MessageBoxW
ToUnicodeEx
ActivateKeyboardLayout
GetKeyboardLayoutList
UnregisterClassW
RegisterClassW
GetRawInputDeviceList
GetRawInputDeviceInfoA
RegisterRawInputDevices
GetRawInputData
EnumDisplayMonitors
GetMonitorInfoW
GetMonitorInfoA
MonitorFromWindow
SystemParametersInfoA
EnumDisplaySettingsW
CreateIconIndirect
CreateIconFromResource
DestroyIcon
LoadIconA
LoadCursorA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowLongPtrA
GetWindowLongPtrA
OffsetRect
FillRect
ClipCursor
WindowFromPoint
ScreenToClient
ClientToScreen
SetCaretPos
DestroyCaret
CreateCaret
GetCursorPos
SetCursor
SetCursorPos
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
SetWindowRgn
GetUpdateRect
ReleaseDC
GetWindowDC
GetDCEx
GetDC
AllowSetForegroundWindow
SetForegroundWindow
GetForegroundWindow
GetSystemMetrics
KillTimer
SetTimer
ReleaseCapture
SetCapture
MapVirtualKeyExA
MapVirtualKeyA
RegisterTouchWindow
CloseTouchInputHandle
GetTouchInputInfo
GetKeyState
SetFocus
IsClipboardFormatAvailable
EmptyClipboard
RegisterClipboardFormatA
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
MoveWindow
FlashWindowEx
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
SendMessageA
GetMessageExtraInfo
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
GetKeyboardLayout

gdi32

CreatePen
CreateRectRgn
CreateSolidBrush
CreateBitmap
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SwapBuffers
SetPixelFormat
ChoosePixelFormat
CreatePolygonRgn
CreateDIBSection
SelectObject
Rectangle
GetTextExtentPoint32W
GetStockObject
GetPixel
GetDIBits
GetDeviceCaps
DeleteObject
BitBlt

shell32

ShellExecuteW
SHFileOperationW
CommandLineToArgvW
SHGetKnownFolderPath
SHCreateItemFromParsingName
DragAcceptFiles
DragQueryFileW

advapi32

GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
RegEnumValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegGetValueW
GetCurrentHwProfileA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

dinput8

DirectInput8Create

imm32

ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext

bcrypt

BCryptGenRandom

crypt32

CryptBinaryToStringA
CertOpenSystemStoreA
CertGetCertificateContextProperty
CertCloseStore
CertEnumCertificatesInStore

avrt

AvSetMmThreadPriority
AvSetMmThreadCharacteristicsW

dwmapi

DwmGetWindowAttribute
DwmSetWindowAttribute
DwmEnableBlurBehindWindow

dwrite

DWriteCreateFactory

iphlpapi

GetBestInterfaceEx
GetAdaptersAddresses

wsock32

closesocket
getsockname
send
bind
ioctlsocket
sendto
setsockopt
ntohl
WSAGetLastError
connect
recv
select
__WSAFDIsSet
accept
inet_ntoa
listen
recvfrom
WSAStartup
WSACleanup
htons
htonl
ntohs
socket

ws2_32

getaddrinfo
WSAConnect
getnameinfo
inet_pton
freeaddrinfo

ntdll

NtQueryInformationFile

Exports

Exports

?add@ThreadPool@TaskScheduler@embree@@QEAAXAEBV?$Ref@UTaskScheduler@embree@@@3@@Z
?addScheduler@TaskScheduler@embree@@CAXAEBV?$Ref@UTaskScheduler@embree@@@2@@Z
?allocThreadIndex@TaskScheduler@embree@@QEAA_JXZ
?execute_local@TaskQueue@TaskScheduler@embree@@QEAA_NAEAUThread@23@PEAUTask@23@@Z
?instance@TaskScheduler@embree@@CAPEAU12@XZ
?remove@ThreadPool@TaskScheduler@embree@@QEAAXAEBV?$Ref@UTaskScheduler@embree@@@3@@Z
?removeScheduler@TaskScheduler@embree@@CAXAEBV?$Ref@UTaskScheduler@embree@@@2@@Z
?run@Task@TaskScheduler@embree@@QEAAXAEAUThread@23@@Z
?startThreads@TaskScheduler@embree@@CAXXZ
?startThreads@ThreadPool@TaskScheduler@embree@@QEAAXXZ
?swapThread@TaskScheduler@embree@@CAPEAUThread@12@PEAU312@@Z
?thread@TaskScheduler@embree@@CAPEAUThread@12@XZ
?threadCount@TaskScheduler@embree@@SA_KXZ
?threadID@TaskScheduler@embree@@SA_KXZ
?threadIndex@TaskScheduler@embree@@SA_KXZ
?wait@TaskScheduler@embree@@SA_NXZ
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 39.2MB - Virtual size: 39.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11.4MB - Virtual size: 11.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 952KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

pck
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BFDIBranches/bfdibranches.pck

Sharing

General

Malware Config

Signatures

Files

975da31942e8b6fb88a17a6471eec8e2

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

ole32

oleaut32

user32

gdi32

shell32

advapi32

dinput8

imm32

bcrypt

crypt32

avrt

dwmapi

dwrite

iphlpapi

wsock32

ws2_32

ntdll

Exports

Exports

Sections

.text Size: 39.2MB - Virtual size: 39.2MB

.rdata Size: 11.4MB - Virtual size: 11.4MB

.data Size: 952KB - Virtual size: 2.6MB

.pdata Size: 1.3MB - Virtual size: 1.3MB

pck Size: 512B - Virtual size: 8B

_RDATA Size: 1024B - Virtual size: 548B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 298KB - Virtual size: 298KB

.text
Size: 39.2MB - Virtual size: 39.2MB

.rdata
Size: 11.4MB - Virtual size: 11.4MB

.data
Size: 952KB - Virtual size: 2.6MB

.pdata
Size: 1.3MB - Virtual size: 1.3MB

pck
Size: 512B - Virtual size: 8B

_RDATA
Size: 1024B - Virtual size: 548B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 298KB - Virtual size: 298KB