6367f7ad139f277e90ed913131e6eec17add134d158a7f3abaa0ba54c76dae4b

Sharing

Copy URL

Twitter E-mail

General

Target

6367f7ad139f277e90ed913131e6eec17add134d158a7f3abaa0ba54c76dae4b
Size

390KB
MD5

19ecd4769b9f566869d80e54c43991a7
SHA1

e52befe043c402129343cf47cd5d21d147eb7387
SHA256

6367f7ad139f277e90ed913131e6eec17add134d158a7f3abaa0ba54c76dae4b
SHA512

b274ee6ec83e050f9571d6f8533ab138f34e1914e460d3294d85a39ef6593d2d6bdf83066d93d67a5a15f57b9d0d41eea5ae2872994c2e49a6de2e2f6066ebd5
SSDEEP

6144:4jCpbTkJYeG6qg8F5lxkxjoO7T5v5qGTpvSzjQfxJU:eFo/blxkxjo2TDqIp20fE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6367f7ad139f277e90ed913131e6eec17add134d158a7f3abaa0ba54c76dae4b

Files

6367f7ad139f277e90ed913131e6eec17add134d158a7f3abaa0ba54c76dae4b
.exe windows:6 windows x86 arch:x86

1bea789d1934d2b7bb495d319d0e78db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\TeamCity\buildAgent\work\b925adac8dc2e423\BugSplat\Win32\Release\BsSndRpt.pdb

Imports

kernel32

RemoveDirectoryW
GetCommandLineW
LockResource
FindResourceExW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
ExitProcess
FindFirstFileW
FindNextFileW
FindClose
CloseHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryW
MapViewOfFile
CreateFileMappingW
GetLastError
CopyFileW
OpenFileMappingW
TerminateProcess
SetUnhandledExceptionFilter
GetFileInformationByHandle
CreateFileW
UnhandledExceptionFilter
LoadLibraryExA
VirtualFree
VirtualAlloc
DecodePointer
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EnterCriticalSection
EncodePointer
IsDebuggerPresent
MulDiv
CreateEventW
SystemTimeToFileTime
GetLocalTime
FileTimeToDosDateTime
ReadFile
GetFileSize
GetFileType
FileTimeToSystemTime
ResumeThread
SetThreadPriority
CreateThread
VerifyVersionInfoW
VerSetConditionMask
LocalFree
OutputDebugStringW
FormatMessageW
Sleep
lstrlenW
SetLastError
CompareStringW
GetTempPathW
SetFilePointer
WriteFile
CreateDirectoryW
GetExitCodeProcess
FlushFileBuffers
ResetEvent
SetEvent
OpenProcess
WaitForSingleObject
GetCurrentProcess
WideCharToMultiByte
GetCurrentThreadId
GetPrivateProfileStringW
DeleteCriticalSection
InitializeCriticalSectionEx
LoadLibraryExW
FindResourceW
LoadResource
IsProcessorFeaturePresent
SizeofResource
UnmapViewOfFile
GetACP
MultiByteToWideChar
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
InitializeSListHead
RaiseException

user32

SetWindowPos
FillRect
CreateWindowExW
ScreenToClient
SendMessageW
EndDialog
MessageBeep
GetActiveWindow
IsWindow
OffsetRect
GetCapture
GetDlgCtrlID
TrackMouseEvent
DrawFocusRect
GetSysColor
IsWindowEnabled
SetFocus
LoadCursorW
GetClassNameW
SetTimer
SetCapture
GetDC
SetRectEmpty
SetWindowLongW
GetClientRect
DrawTextW
SystemParametersInfoW
ShowWindow
KillTimer
GetParent
DialogBoxParamW
PtInRect
UpdateWindow
EnableWindow
PostMessageW
SetForegroundWindow
ReleaseCapture
InvalidateRect
ReleaseDC
GetCursorPos
BringWindowToTop
BeginPaint
EndPaint
DestroyWindow
GetFocus
CallWindowProcW
GetWindowTextLengthW
DefWindowProcW
GetWindowLongW
MapWindowPoints
GetWindowRect
SetWindowTextW
GetMonitorInfoW
SetDlgItemTextW
GetWindow
SetCursor
UnregisterClassW
LoadStringW
CharNextW
MessageBoxW
MonitorFromWindow
GetDlgItem
GetWindowTextW

advapi32

CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
CryptDestroyHash
CryptGetHashParam
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

ole32

CoCreateInstance
CoTaskMemAlloc
CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
CoInitialize

oleaut32

VarUI4FromStr

msvcp140

?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ

comctl32

InitCommonControlsEx

vcruntime140

__std_exception_destroy
memcpy
__std_exception_copy
__std_terminate
__CxxFrameHandler3
_except_handler4_common
_CxxThrowException
__current_exception_context
__current_exception
wcsrchr
memcmp
wcschr
memmove
_purecall
wcsstr
memset

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initterm_e
_invalid_parameter_noinfo
_errno
exit
_configure_narrow_argv
_initialize_narrow_environment
_controlfp_s
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_register_onexit_function
_exit
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_atexit

api-ms-win-crt-string-l1-1-0

wcsncpy_s
wcscmp
_wcslwr_s
strcpy_s
wcscat_s
wcscpy_s
_wcsupr_s
iswspace
_stricmp
wcslen
strlen
_wcsicmp
wcsnlen
wcsncmp
wmemcpy_s

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_wunlink
_wsplitpath_s

api-ms-win-crt-heap-l1-1-0

_recalloc
_set_new_mode
_callnewh
malloc
realloc
free

api-ms-win-crt-convert-l1-1-0

_wtoi
strtod
strtoll
strtoull

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vswprintf_s
ungetc
_set_fmode
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__stdio_common_vfwprintf_p
__acrt_iob_func
_wfopen_s
fclose
__stdio_common_vfwprintf
fwrite
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
fgetc
setvbuf
fgetpos
__stdio_common_vsprintf
fflush
__stdio_common_vswprintf
fputc

api-ms-win-crt-time-l1-1-0

_tzset
_mktime64
wcsftime
_localtime64_s
_time64

api-ms-win-crt-math-l1-1-0

_dtest
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

dbghelp

MiniDumpWriteDump

shlwapi

PathFindFileNameW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW

rpcrt4

RpcStringFreeW
UuidToStringW

wininet

InternetCheckConnectionW
HttpOpenRequestW
InternetOpenW
HttpQueryInfoW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetReadFile
InternetAttemptConnect
InternetQueryOptionW

ws2_32

gethostname
inet_ntoa
WSAStartup
WSACleanup
gethostbyname

gdi32

GetStockObject
DeleteDC
SetTextColor
SetBkMode
GetObjectW
DeleteObject
CreateFontIndirectW
SelectObject

shell32

ShellExecuteW

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bea789d1934d2b7bb495d319d0e78db

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp140

comctl32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

dbghelp

shlwapi

rpcrt4

wininet

ws2_32

gdi32

shell32

Sections

.text Size: 139KB - Virtual size: 139KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 187KB - Virtual size: 187KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 139KB - Virtual size: 139KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 187KB - Virtual size: 187KB

.reloc
Size: 9KB - Virtual size: 8KB