bd373fb2303c51ef8f9846a6c84f244cc8b4ca5f1ed0e175aa797e3af45eb100

Sharing

Copy URL Twitter E-mail

General

Target

bd373fb2303c51ef8f9846a6c84f244cc8b4ca5f1ed0e175aa797e3af45eb100
Size

192KB
MD5

aa96c9be05bf4d09fccad7edb3627bef
SHA1

97f65a1311ab33d7481f5d90c869da7e58fda2d8
SHA256

bd373fb2303c51ef8f9846a6c84f244cc8b4ca5f1ed0e175aa797e3af45eb100
SHA512

a7cd7bd565082a3c50bacafec2dd5551d2b7a5b1e02e95c32fb44db9871de6439db21b8f6ab0510f860617d8e862b4be0b47335f1dba1f29815352200de8b62d
SSDEEP

3072:ErHFTDdWZbxDrs5/V3og5NHs4I/w9/F5eCYRoiOUu4J/Wq1aDUezJUy0j92ISzzC:ETRdWZNWoUNHs4y2/eC5ihu4lWqaUoq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd373fb2303c51ef8f9846a6c84f244cc8b4ca5f1ed0e175aa797e3af45eb100

Files

bd373fb2303c51ef8f9846a6c84f244cc8b4ca5f1ed0e175aa797e3af45eb100
.exe windows:5 windows x86 arch:x86

f75ad81707b8ea58d1e5667ceb42d1bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemWindowsDirectoryA
GetEnvironmentVariableA
DeleteFileA
CloseHandle
GetLastError
GetModuleFileNameW
GetProcessHeap
WaitForSingleObject
HeapFree
HeapAlloc
GetCommandLineW
IsDebuggerPresent
GetModuleHandleA
GetProcAddress
GetTempPathA
GetCurrentProcessId
GetModuleFileNameA
GetVersionExW
Sleep
GlobalFindAtomA
ExpandEnvironmentStringsA
GetCurrentProcess
GlobalAddAtomA
SetUnhandledExceptionFilter
GetComputerNameA
GetThreadContext
CreateFileA
SetThreadContext
Process32First
SetErrorMode
OpenProcess
WideCharToMultiByte
TerminateThread
CreateProcessA
TerminateProcess
FlushInstructionCache
GetShortPathNameA
SetCurrentDirectoryA
FindFirstFileA
GetHandleInformation
VirtualAlloc
VirtualAllocEx
FindClose
LoadLibraryA
Process32Next
FindNextFileA
LoadLibraryExA
VirtualProtect
GetCurrentDirectoryA
CreateToolhelp32Snapshot
GetVersionExA
WriteProcessMemory
ResumeThread
CreateThread
SetPriorityClass
SetEndOfFile
GetCurrentThread
WriteFile
GetBinaryTypeA
ReadFile
SetThreadPriority
GetFileSizeEx
CopyFileA
SetFileAttributesA
GetTempFileNameA
CreateRemoteThread
GetExitCodeProcess
Module32First
VirtualProtectEx
Module32Next
SwitchToThread
HeapReAlloc
GetTickCount
GetThreadPriority
lstrcpynA
VirtualFree
ExitProcess

user32

WaitForInputIdle
CharLowerA
wsprintfW
CharUpperA

shell32

SHGetFolderPathA
ShellExecuteExW
SHGetFolderPathW
ShellExecuteExA
ord680

ole32

CoUninitialize
CoInitializeEx

psapi

GetModuleBaseNameW

shlwapi

StrCatBuffA
PathAddBackslashA
PathCombineA
PathAddExtensionA
SHGetValueA
PathAppendW
StrStrNIW
StrStrIA
PathFindFileNameA
PathFileExistsA
PathIsDirectoryA
StrChrIA

ntdll

RtlImageNtHeader
_stricmp
ZwOpenProcess
ZwSetInformationThread
ZwClose
ZwUnmapViewOfSection
_alloca_probe
memset
_snprintf
ZwQueryInformationProcess
RtlUnwind

advapi32

CryptGetHashParam
CryptAcquireContextA
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegSetValueExA
RegCreateKeyA
RegOpenKeyExA
SetKernelObjectSecurity
CheckTokenMembership
RegFlushKey
RegCloseKey
CreateWellKnownSid

winscard

SCardEstablishContext
SCardFreeMemory
SCardDisconnect
SCardReleaseContext
SCardListReadersA
SCardConnectA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wintrust

WinVerifyTrust

netapi32

NetServerGetInfo
NetApiBufferFree
NetWkstaGetInfo

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

code
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 158KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f75ad81707b8ea58d1e5667ceb42d1bf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

psapi

shlwapi

ntdll

advapi32

winscard

version

wintrust

netapi32

Sections

.text Size: 16KB - Virtual size: 16KB

code Size: 8KB - Virtual size: 7KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 158KB - Virtual size: 159KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 16KB

code
Size: 8KB - Virtual size: 7KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 158KB - Virtual size: 159KB

.reloc
Size: 2KB - Virtual size: 1KB