bf5193239d497b3bd358df6c463ccb40N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

bf5193239d497b3bd358df6c463ccb40N.exe
Size

1.0MB
MD5

bf5193239d497b3bd358df6c463ccb40
SHA1

4a9ef9103fe56404c771a92204c47e59a934d65e
SHA256

84e772f6028613408585becbd5edec14cdfab86195ec0edd1e396aef6a491190
SHA512

c3c9e9ccd4ef845a5b42882c6b4741db810871575b02bc2dbcc7a9e9ab9ff82e70c3dda6974f43d90f26effb82e7a1482c7e852336e8b02ec506a97d4730cd35
SSDEEP

24576:Vjf6A2rhG32Nzgxbw+idPmVmCKYfLYDj27TCXopSNDwxO9lXK:Vz6A2rhXNk8eV4YEuTEopSNksXK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf5193239d497b3bd358df6c463ccb40N.exe

Files

bf5193239d497b3bd358df6c463ccb40N.exe
.exe windows:5 windows x86 arch:x86

886c6291f995bc312d80563686746690

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\snitch_client\Hooks\control\Release\control.pdb

Imports

psapi

GetProcessImageFileNameA

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSQuerySessionInformationA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

CreateEventW
LocalFree
ExitProcess
lstrlenA
FlushFileBuffers
FlushConsoleInputBuffer
GetVersionExA
LoadLibraryA
GlobalMemoryStatus
GetVersion
GetModuleHandleA
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
SetStdHandle
WriteConsoleW
CreateFileW
SetConsoleCtrlHandler
IsValidLocale
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
HeapSize
SetFilePointer
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetModuleFileNameW
GetStdHandle
HeapCreate
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetOverlappedResult
ReadFile
WriteFile
WaitForSingleObject
WaitNamedPipeA
GetLocalTime
FormatMessageA
DeviceIoControl
GetCurrentProcess
SetPriorityClass
CreateFileA
GetCurrentProcessId
CloseHandle
ReleaseMutex
CreateMutexA
ProcessIdToSessionId
GetProcAddress
GlobalUnlock
GetVersionExW
LoadLibraryW
OpenProcess
GetTickCount
GetLogicalDrives
GlobalLock
QueryDosDeviceA
GlobalSize
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
Sleep
GetLastError
CreateDirectoryA
ExpandEnvironmentStringsA
ReadConsoleInputA
SetConsoleMode
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
EnumSystemLocalesA
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
LCMapStringW
RaiseException
HeapReAlloc
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapAlloc
HeapFree
CreateThread
ResumeThread
ExitThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DecodePointer
EncodePointer
InterlockedIncrement

user32

DefWindowProcW
SetClipboardViewer
LoadKeyboardLayoutA
UpdateWindow
SendMessageW
OpenClipboard
BroadcastSystemMessageA
CreateWindowExW
IsWindow
LoadStringW
GetDesktopWindow
BroadcastSystemMessageW
ChangeClipboardChain
GetClipboardData
GetWindowTextA
LoadIconW
RegisterClassExW
GetClipboardOwner
GetKeyboardState
LoadAcceleratorsW
TranslateMessage
RegisterWindowMessageA
GetWindowTextLengthA
LoadCursorW
GetParent
IsClipboardFormatAvailable
KillTimer
PostMessageW
ToAscii
SetKeyboardState
PostQuitMessage
GetMessageW
SetTimer
TranslateAcceleratorW
CloseClipboard
MessageBoxA
ReleaseDC
GetDC
GetIconInfo
GetWindowThreadProcessId
GetKeyboardLayoutNameA
GetUserObjectInformationW
GetProcessWindowStation
DispatchMessageW
GetForegroundWindow

gdi32

RealizePalette
GetDIBits
GetObjectA
SelectObject
DeleteObject

advapi32

DeregisterEventSource
RegEnumValueA
RegQueryInfoKeyA
RegisterEventSourceA
ReportEventA
RegOpenKeyExA

shell32

Shell_NotifyIconW
ExtractIconA

oleaut32

VariantClear

sqlite3

sqlite3_step
sqlite3_errmsg
sqlite3_column_text
sqlite3_column_count
sqlite3_open
sqlite3_mprintf
sqlite3_busy_timeout
sqlite3_prepare_v2
sqlite3_exec
sqlite3_close
sqlite3_vmprintf
sqlite3_free
sqlite3_finalize
sqlite3_changes

loggerdll

?UnHooks@@YAKXZ
?SetHooks@@YAKPAUHWND__@@@Z

Sections

.text
Size: 643KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

886c6291f995bc312d80563686746690

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

wtsapi32

version

kernel32

user32

gdi32

advapi32

shell32

oleaut32

sqlite3

loggerdll

Sections

.text Size: 643KB - Virtual size: 642KB

.rdata Size: 266KB - Virtual size: 265KB

.data Size: 25KB - Virtual size: 43KB

.rsrc Size: 55KB - Virtual size: 55KB

.reloc Size: 49KB - Virtual size: 49KB

.text
Size: 643KB - Virtual size: 642KB

.rdata
Size: 266KB - Virtual size: 265KB

.data
Size: 25KB - Virtual size: 43KB

.rsrc
Size: 55KB - Virtual size: 55KB

.reloc
Size: 49KB - Virtual size: 49KB