D:\source\repos\Blecus Trainer RECODE\blecus-trainers-bootstrapper\x64\Release\blecus-trainers-bootstrapper.pdb
Static task
static1
General
Target
blecus-trainers-bootstrapper.exe
Size
1.1MB
MD5
2e8cc6a261ce007b32508c18df5cfafc
SHA1
e568cdcbc6563717cc3e60486e2acef94d83eb99
SHA256
6ebe3dd01a877a2652b4d4bd2a60a390819bdeb007e306395f96e0bfb4b64ffd
SHA512
cb70358a1dffb963e8e267edacea78c3e6a14bd3ed8b13eb68f0cebf928a4d1b3a5fd65fd6ada18080686792c966c7e1594d211874e3a72079f7900b02507db7
SSDEEP
24576:n4jlwQF/U7aGMGr6a21V4DGJ1FfrnyoTr1nWjEWt23/XhuTRRJj0qf70:n4hFF/U7aGoaKV4DGJ1FfrnyCpnWnt2k
Malware Config
Signatures
Unsigned PE (1 IoC)
The PE carries no Authenticode signature; the check for a missing signature matched.
resource blecus-trainers-bootstrapper.exe
Files
blecus-trainers-bootstrapper.exe.exe windows:6 windows x64 arch:x64
21ec0d4485ebfe6ecfc4570534090221
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
advapi32
GetCurrentHwProfileA
CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextA
d3d9
Direct3DCreate9
kernel32
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcessId
SleepEx
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
SetFileInformationByHandle
EnterCriticalSection
CloseHandle
GetTickCount
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
MoveFileA
GetModuleFileNameA
GetModuleHandleW
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
FormatMessageW
GetLocaleInfoA
SetLastError
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetFileInformationByHandleEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InitOnceComplete
InitOnceBeginInitialize
GetLastError
Sleep
GetSystemDirectoryA
CreateEventA
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LoadLibraryA
LeaveCriticalSection
GetFileAttributesExW
FindFirstFileW
FindClose
CreateFileW
GetLocaleInfoEx
FormatMessageA
LocalFree
AreFileApisANSI
user32
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
GetClipboardData
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
GetKeyboardLayout
TrackMouseEvent
SetClipboardData
EmptyClipboard
ReleaseCapture
ClientToScreen
DefWindowProcW
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
SetWindowRgn
CreateWindowExW
GetSystemMetrics
RegisterClassExW
ShowWindow
MessageBoxA
SetLayeredWindowAttributes
TranslateMessage
PeekMessageA
UnregisterClassA
PostQuitMessage
UpdateWindow
GetKeyState
GetMessageExtraInfo
LoadCursorA
ScreenToClient
GetCapture
gdi32
CreateRoundRectRgn
shell32
ShellExecuteA
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
dwmapi
DwmExtendFrameIntoClientArea
msvcp140
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_timedwait
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_register_at_thread_exit
_Cnd_wait
_Query_perf_counter
_Xtime_get_ticks
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_frequency
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Cnd_init_in_situ
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_unregister_at_thread_exit
??0task_continuation_context@Concurrency@@AEAA@XZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
bcrypt
BCryptGenRandom
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_terminate
strstr
strchr
__std_exception_destroy
__std_exception_copy
_purecall
memcpy
memset
strrchr
memchr
memmove
memcmp
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
api-ms-win-crt-stdio-l1-1-0
_read
fclose
feof
__stdio_common_vswprintf
fseek
fflush
setvbuf
fputs
__stdio_common_vfprintf
_write
__p__commode
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
fopen
fgetpos
_open
_fileno
fgetc
ftell
fputc
_set_fmode
_close
fwrite
fgets
_wfopen
__stdio_common_vsprintf
_lseeki64
__stdio_common_vsscanf
fread
__acrt_iob_func
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strncmp
strncpy
strncpy_s
strcspn
strcmp
_strdup
strpbrk
strspn
api-ms-win-crt-heap-l1-1-0
calloc
realloc
_callnewh
_set_new_mode
free
malloc
api-ms-win-crt-convert-l1-1-0
strtoll
strtoul
atoi
wcstombs
strtol
api-ms-win-crt-runtime-l1-1-0
_cexit
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_get_wide_winmain_command_line
_initterm
_beginthreadex
_initterm_e
exit
_exit
_invalid_parameter_noinfo_noreturn
abort
__sys_nerr
__sys_errlist
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
terminate
_errno
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_stat64
_lock_file
_fstat64
_splitpath_s
_unlink
api-ms-win-crt-time-l1-1-0
_time64
strftime
_gmtime64
api-ms-win-crt-math-l1-1-0
sqrtf
acosf
ceilf
cosf
fmodf
__setusermatherr
sinf
_fdopen
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
normaliz
IdnToUnicode
IdnToAscii
ws2_32
gethostname
ioctlsocket
getpeername
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
WSACleanup
listen
htonl
getsockname
connect
bind
accept
select
__WSAFDIsSet
socket
htons
getsockopt
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAIoctl
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSASetLastError
WSAGetLastError
ntohs
WSAStartup
WSAEventSelect
setsockopt
wldap32
ord35
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord33
ord79
ord30
ord200
ord301
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
Sections
.text Size: 660KB - Virtual size: 660KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 164KB - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 217KB - Virtual size: 219KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 928B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ