BMT_x64[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

BMT_x64.exe
Size

1.1MB
MD5

b846b15f5b0703303966e36209f457a8
SHA1

a12e423f6f37af1117ea229ee7a6e7e6510007d2
SHA256

2f7eed83831f878ec1f28758480e721538a426c65a4b97f6a19e471b92d7c9df
SHA512

ca36e1bcf4c2c23970778036e1a27e02b2bd48cb6fa5f24b57816763d655417e6a916d83f1841bb5c7301170b548077cb085417b69d8934089781bf3777fdb16
SSDEEP

6144:3Inq5AcT2KeDDgJtWenlPMRlGANirPPSlBAdXGAbgneCc2ir9G/K7ElpY4WCJOEe:3BA3RDDgyeuRc6XyxpGFpT7hBe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BMT_x64.exe

Files

BMT_x64.exe
.exe windows:6 windows x64 arch:x64

Password: 123

36fa75fa42a370d61fc220f9911c322c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Andon\Documents\Visual Studio 2015\Projects\BMT\x64\Release\BMT.pdb

Imports

kernel32

GetDateFormatW
FindFirstFileW
GetTimeFormatW
FileTimeToSystemTime
GetLastError
SetFileAttributesW
GetCurrentProcess
CopyFileW
FindClose
CloseHandle
LocalFree
SetFileTime
SetEndOfFile
HeapReAlloc
HeapSize
DeleteFileW
SetStdHandle
FindNextFileW
FindFirstFileExW
GetCommandLineW
GetCommandLineA
GetProcessHeap
LCMapStringW
FileTimeToLocalFileTime
WideCharToMultiByte
OpenFile
lstrcpyW
lstrlenW
MultiByteToWideChar
GetProcAddress
FreeLibrary
WriteConsoleW
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetFileType
GetStringTypeW
HeapAlloc
lstrlenA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InitializeCriticalSection
GetModuleHandleA
Sleep
SetLastError
LoadLibraryExW
CreateProcessW
LocalAlloc
CreateProcessA
GetSystemDirectoryW
GetFullPathNameW
VerifyVersionInfoW
VerSetConditionMask
GetModuleFileNameW
CreateFileW
lstrcmpA
OutputDebugStringW
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ReadFile
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetACP
HeapFree

user32

GetWindowRect
EnableWindow
PostQuitMessage
GetWindowLongPtrW
MessageBoxW
wsprintfW
ChangeDisplaySettingsW
IsWindow
DialogBoxParamW
GetWindowTextW
SetWindowLongW
EndDialog
SetWindowPos
SendMessageW
SetWindowTextW
EnumDisplaySettingsW
LoadIconW
GetDlgItem
IsWindowVisible
GetWindowLongW
ShowWindow

gdi32

CreateFontW

advapi32

SetEntriesInAclW
AllocateAndInitializeSid
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
SetNamedSecurityInfoW
FreeSid
SystemFunction036

shell32

SHGetKnownFolderPath

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
VariantClear

dxgi

CreateDXGIFactory

Sections

.text
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

36fa75fa42a370d61fc220f9911c322c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dxgi

Sections

.text Size: 357KB - Virtual size: 357KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 70KB - Virtual size: 112KB

.pdata Size: 14KB - Virtual size: 14KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 566KB - Virtual size: 566KB

.text
Size: 357KB - Virtual size: 357KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 70KB - Virtual size: 112KB

.pdata
Size: 14KB - Virtual size: 14KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 566KB - Virtual size: 566KB