bbec0bc2b8c52ab836ee539ead704faf35e67ddf2fd4c9246ad7ee24fcd61145

Sharing

Copy URL

Twitter E-mail

General

Target

bbec0bc2b8c52ab836ee539ead704faf35e67ddf2fd4c9246ad7ee24fcd61145
Size

187KB
MD5

1cd04d93c4b6b71586daaaa20d1cc47c
SHA1

da7d53f9f70d040e19c59c7b6320e4c756163979
SHA256

bbec0bc2b8c52ab836ee539ead704faf35e67ddf2fd4c9246ad7ee24fcd61145
SHA512

74871e4bacf6d9af59dd60a082dda1c9734cfab3ba5609f5e3e756f347ea132c8c7f87ce15debe4ec563e2b5ed78996b47253d57cee945f487f757f4cae47993
SSDEEP

3072:3URND2Tbs/GSEdX6Pi7U0SJVnBOyYN8u2r91:ERU5SEkJVnB+2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bbec0bc2b8c52ab836ee539ead704faf35e67ddf2fd4c9246ad7ee24fcd61145

Files

bbec0bc2b8c52ab836ee539ead704faf35e67ddf2fd4c9246ad7ee24fcd61145
.exe windows:4 windows x86 arch:x86

dc5cd91a38f2882b6189284c71dc4d4e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

routing

??0CSysName@@QAE@XZ
??1CSysName@@QAE@XZ

afw

?SetSystemValue@CAfwReg@@QAEHPAUHKEY__@@VCString@@1K@Z
??1CAfwReg@@QAE@XZ
?GetLanguageDirectory@CAfwReg@@QAEHAAVCString@@@Z
??0CAfwReg@@QAE@XZ
?GetSystemValue@CAfwReg@@QAEHPAUHKEY__@@VCString@@1AAK@Z

bcs

?Rollback@ATOMMultiTrans@@QAE?ATMAPPED_STATUS@@XZ
?Open@ATOMMultiTrans@@QAE?ATMAPPED_STATUS@@W4TRANSACTION_TYPE@@VCString@@W4INDEX_UPDATE_MODE@@@Z
??1ATOMTrans@@UAE@XZ
??0ATOMTrans@@QAE@XZ
??1?$opiItr@VBCOPtAnalog@@@@QAE@XZ
?SetInitialValue@BCOPtAnalog@@QAE?ATMAPPED_STATUS@@MABUVALIDATION_LOGGING_DATA@@@Z
?GetObsoleteInitialValue@BCOPtAnalog@@QBE?ATMAPPED_STATUS@@AAM@Z
?GetInitialValue@BCOLogicalPt@@QBE?ATMAPPED_STATUS@@AAM@Z
??0?$opiItr@VBCOPtAnalog@@@@QAE@XZ
??0ATOMExcp@@QAE@IVCString@@TMAPPED_STATUS@@@Z
?Commit@ATOMMultiTrans@@QAE?ATMAPPED_STATUS@@XZ

oodb94

??1ooWithErrorContext@@QAE@XZ
?get_vm@?$opiHandle@VooObj@@@@QBEPAVooObj@@XZ
??0?$opiHandle@VooFDObj@@@@QAE@XZ
?open@?$opiHandle@VooFDObj@@@@QAEHPBDW4ooMode@@_NP6A?AW4oo2PCTransState@@PAUooExternalTransId@@@Z@Z
??0ooId@@QAE@XZ
??4ooId@@QAEAAV0@PBVooObj@@@Z
?scan@ooIteratorObjOrContObj@@QAEHABV?$opiHandle@VooObj@@@@PBD@Z
?opiResizeVArray@@YAHPAXII@Z
?next@ooIterator@@QAE_NXZ
??4?$opiRef@VooObj@@@@QAEAAV0@ABVooHandleBase@@@Z
??1?$opiHandle@VooFDObj@@@@QAE@XZ
?opiResizeHeapVArray@@YAPAXPAXIII@Z
?ooNoLock@@YAHXZ
?ooExitCleanup@@YAXXZ
?opiProcessInit@@YAXXZ
?opiDeleteVArray@@YAHPAX@Z
?ooSignal@@YAHW4ooErrorLevel@@ABVooError@@PBVooHandleBase@@ZZ
?opieUpdateVArray@@3VooError@@B
?opiUpdateVArray@@YAHPAX@Z
?opiOpenVArray@@YAHPAXPAUocmSession@@@Z
??0ooWithErrorContext@@QAE@PBD@Z
??0?$opiHandle@VooObj@@@@QAE@ABV0@@Z
?isValid@?$opiHandle@VooObj@@@@QBE_NW4ooMode@@@Z
??4?$opiHandle@VooObj@@@@QAEAAV0@ABVooId@@@Z
?ooInit@@YAHIII_N@Z
?opiNewVArray@@YAHPAXII@Z
??0?$opiHandle@VooObj@@@@QAE@XZ
??1?$opiHandle@VooObj@@@@QAE@XZ

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

mfc42

ord858
ord1168
ord800
ord860
ord924
ord535
ord540
ord537
ord2818
ord2820
ord3811

msvcrt

_XcptFilter
??1type_info@@UAE@XZ
_onexit
__dllonexit
free
_CxxThrowException
__CxxFrameHandler
fopen
_mbsicmp
fclose
printf
fprintf
fflush
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit

kernel32

LoadLibraryA
FreeLibrary

bcsfc

?RequestFileNameAndPath@@YA_NW4IDK_FILENAME_ENUM@@AAV?$_SS@D@@1@Z

msvcirt

?endl@@YAAAVostream@@AAV1@@Z
??6ostream@@QAEAAV0@PBD@Z
?cout@@3Vostream_withassign@@A

safe_sub

?InitValidationLogData@@YAHABVCString@@AAUVALIDATION_LOGGING_DATA@@@Z

Exports

Exports

??_C@_0BG@PEMG@ooVArray?$CIT?$CJ?3?3resize?$CI?$CJ?$AA@
?resize@?$ooVArrayT@D@@QAEHI@Z
?resize@?$ooVArrayT@G@@QAEHI@Z
?resize@?$ooVArrayT@I@@QAEHI@Z
?resize@?$ooVArrayT@VoqrUserOperator@@@@QAEHI@Z

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

etvodhfr
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 148KB - Virtual size: 145KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dc5cd91a38f2882b6189284c71dc4d4e

Headers

File Characteristics

Imports

routing

afw

bcs

oodb94

msvcp60

mfc42

msvcrt

kernel32

bcsfc

msvcirt

safe_sub

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 932B

.rsrc Size: 4KB - Virtual size: 1KB

etvodhfr Size: 8KB - Virtual size: 4KB

Size: 148KB - Virtual size: 145KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 932B

.rsrc
Size: 4KB - Virtual size: 1KB

etvodhfr
Size: 8KB - Virtual size: 4KB