bcdd2a9778af2a0557e0fc909262a5802a49de3d49f93e6deebc5a430c4842dc

Sharing

Copy URL

Twitter E-mail

General

Target

bcdd2a9778af2a0557e0fc909262a5802a49de3d49f93e6deebc5a430c4842dc
Size

2.0MB
MD5

c8fd4812f256c3de76fd11b6d57b2c17
SHA1

4a26ebc764dc57427aff4d298d39a17b4c1a9285
SHA256

bcdd2a9778af2a0557e0fc909262a5802a49de3d49f93e6deebc5a430c4842dc
SHA512

70ca66ed8fd3a3ca6f30959f081895a02b9788880c707d2b8bd5d9592084a8597295157f4bc561d4a1c7a0c44cc9e2392bf62b8d370eba5fd757e6afbe1230db
SSDEEP

49152:drzWy+4OSXp5yFHTy+pmd5kNuZTNx+HkwnsW6cBz:FZXXzyFHTyAcNxZW4S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcdd2a9778af2a0557e0fc909262a5802a49de3d49f93e6deebc5a430c4842dc

Files

bcdd2a9778af2a0557e0fc909262a5802a49de3d49f93e6deebc5a430c4842dc
.dll windows:5 windows x86 arch:x86

f0a8b17c5ab0115f8b1321b55109dd22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

esent

JetTerm

rpcrt4

NdrPointerBufferSize

kernel32

DuplicateHandle
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GlobalDeleteAtom
GetEnvironmentStrings
FreeEnvironmentStringsA
GetLocaleInfoW
HeapSize
IsValidLocale
GetSystemDefaultUILanguage
GetModuleFileNameW
OutputDebugStringA
GetModuleHandleA
FatalAppExitA
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetVolumePathNameW
UnregisterWait
WriteConsoleW
GetLocalTime
WritePrivateProfileStringW
FillConsoleOutputCharacterW
LocalFlags
CompareStringA
CompareStringW
FreeEnvironmentStringsW
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCommandLineA
CloseHandle
CreateFileA
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
HeapDestroy
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
Sleep
GetModuleHandleW
GetProcAddress
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
RtlUnwind
SetEnvironmentVariableA

winscard

SCardIntroduceCardTypeW

rasapi32

RasHangUpW

winmm

mmioCreateChunk
midiInUnprepareHeader
mixerGetNumDevs

wininet

RetrieveUrlCacheEntryFileA

lz32

GetExpandedNameW

advapi32

ReadEncryptedFileRaw
QueryServiceConfigW
NotifyBootConfigStatus
FreeEncryptionCertificateHashList

opengl32

glPopAttrib

mprapi

MprConfigServerConnect

crypt32

CryptMsgControl
CryptMsgUpdate

shlwapi

PathRenameExtensionW
PathAddExtensionW
UrlEscapeW
PathRemoveBlanksW

urlmon

CoInternetQueryInfo
RegisterBindStatusCallback

setupapi

SetupDiEnumDeviceInfo

ole32

CoWaitForMultipleHandles
HWND_UserMarshal

shell32

ExtractIconExW
SHSetLocalizedName

user32

ToAsciiEx
OpenIcon
MessageBoxExW
InvalidateRgn
SetClassWord
GetCaretPos
SetMenuInfo

gdi32

SelectPalette
OffsetRgn
SetBitmapBits
CombineRgn
GetTextCharacterExtra
IntersectClipRect

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 932KB - Virtual size: 930KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 904KB - Virtual size: 901KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0a8b17c5ab0115f8b1321b55109dd22

Headers

File Characteristics

Imports

esent

rpcrt4

kernel32

winscard

rasapi32

winmm

wininet

lz32

advapi32

opengl32

mprapi

crypt32

shlwapi

urlmon

setupapi

ole32

shell32

user32

gdi32

Exports

Exports

Sections

.text Size: 932KB - Virtual size: 930KB

.qdata Size: 904KB - Virtual size: 901KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 100KB - Virtual size: 106KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 56KB - Virtual size: 54KB

.text
Size: 932KB - Virtual size: 930KB

.qdata
Size: 904KB - Virtual size: 901KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 100KB - Virtual size: 106KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 56KB - Virtual size: 54KB