bf2747836392209a9c1e74afd1700160N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

bf2747836392209a9c1e74afd1700160N.exe
Size

107KB
MD5

bf2747836392209a9c1e74afd1700160
SHA1

c39b08c170d91f6ce45a899855d32bedbab7e5be
SHA256

bb438ffbe964a9242b8b5141dadd6cf875d708a82ea94fd3fcc38757dd5543e3
SHA512

a3e53af36d2959b462452aaa94f511ddda3d45deba96d43d2bb8cd907400ebc5d3ffd7a2fe5f13f5c4774fee393b6ce456c6cc8470bbb2c960c501506181cf91
SSDEEP

3072:xVpDlNUF+h3VVLw0ogKDv+XTwlE3kZj4/Eco:tDlNUMhlNwHgKDv+XclE3kZj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf2747836392209a9c1e74afd1700160N.exe

Files

bf2747836392209a9c1e74afd1700160N.exe
.exe windows:5 windows x86 arch:x86

a98f45f42a46a61fed4a00db174d5759

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind
NtQueryVolumeInformationFile

kernel32

FormatMessageW
SetEvent
WaitForSingleObject
CreateSemaphoreW
CloseHandle
ReleaseSemaphore
WaitForMultipleObjects
SetConsoleCtrlHandler
ResetEvent
CreateEventW
GlobalFree
GlobalUnlock
GlobalLock
FreeLibrary
DuplicateHandle
GetCurrentProcess
OpenProcess
GetVolumeNameForVolumeMountPointW
GetDiskFreeSpaceW
GetVolumeInformationW
CreateFileW
SetErrorMode
GetDriveTypeW
DeleteFileW
GetLastError
InterlockedIncrement
GlobalAlloc
GlobalSize
InterlockedDecrement
ReadFile
GetFileSize
ReleaseMutex
lstrcatW
GetCurrentThreadId
GetTimeFormatW
GetDateFormatW
ExpandEnvironmentStringsW
LoadLibraryW
GetACP
GetVersion
ExitProcess
IsBadWritePtr
IsBadReadPtr
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
SetThreadUILanguage
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
GetModuleFileNameA
DebugBreak
OutputDebugStringA
GetProcAddress
LoadLibraryA
HeapAlloc
HeapReAlloc
VirtualAlloc
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetModuleHandleA
GetStringTypeA
GetStringTypeW
SetFilePointer
SetStdHandle
GetLocaleInfoW
LCMapStringA
LCMapStringW
FlushFileBuffers
GetOEMCP
GetFileType
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
WriteFile
lstrcpyW
lstrcpynW
lstrlenW
HeapValidate
GetEnvironmentStringsW

user32

wsprintfW
LoadStringW

advapi32

RegQueryValueExW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
IsValidSid
EqualSid
FreeSid
RegOpenKeyExW
RegCloseKey

ole32

StringFromCLSID
CoTaskMemFree
ReleaseStgMedium
CoRegisterClassObject
CoInitializeEx
CoCreateInstanceEx
CoCreateGuid

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a98f45f42a46a61fed4a00db174d5759

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

ole32

Sections

.text Size: 98KB - Virtual size: 98KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 98KB - Virtual size: 98KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB