bc4bd5a12c405ca8791de22999fdcc40N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

bc4bd5a12c405ca8791de22999fdcc40N.exe
Size

5.8MB
MD5

bc4bd5a12c405ca8791de22999fdcc40
SHA1

e49127ef64553817a01518001e613153bd274c8b
SHA256

ae168f9e3969580ce8dacd473f736faa0db497a902c74401b8e64a8f11ba7e66
SHA512

a9bad7fa51cef1c348d6df694de20482d9ec1d34152b9498f3b360a25aec4bc4b9b235d52072f31fb128846d398ffde3fc68ab2454194a79e10ec780e44b2195
SSDEEP

49152:2lPsjvNGBSpEv/LHvLPGl+E7B1NItFWB3tS4kvIYawWV1YF6tv4E+ymw/jcrt7z9:2lwmePQ62R1lalUiSlASYZf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc4bd5a12c405ca8791de22999fdcc40N.exe

Files

bc4bd5a12c405ca8791de22999fdcc40N.exe
.exe windows:6 windows x64 arch:x64

669ae78eea94a97b3a216fddc3704ef1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

aegagropilesacarinosisau.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WakeByAddressAll
WaitOnAddress

bcryptprimitives

ProcessPrng

kernel32

WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
lstrlenW
GetEnvironmentVariableW
GetTempPathW
GetFileInformationByHandleEx
IsProcessorFeaturePresent
GetFullPathNameW
FlushFileBuffers
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
MultiByteToWideChar
GetModuleHandleA
GetConsoleMode
InitializeSListHead
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
GetCurrentProcess
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
Sleep
GetProcessHeap
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
SetUnhandledExceptionFilter
ReleaseMutex
GetStdHandle
DeleteFileW
CopyFileExW
IsDebuggerPresent
SetFileCompletionNotificationModes
GetCommandLineW
PostQueuedCompletionStatus
RtlUnwindEx
GetFileInformationByHandle
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
HeapReAlloc
GetSystemTimePreciseAsFileTime
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetSystemInfo
GetExitCodeProcess
WaitForSingleObject
EncodePointer
TerminateProcess
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
RtlVirtualUnwind
UnhandledExceptionFilter
CreateFileW
CreateIoCompletionPort
TlsGetValue
GetModuleFileNameW
GetLastError
TlsSetValue
TlsFree
LoadLibraryExW
CloseHandle
FindClose
HeapFree
SetFileInformationByHandle
SwitchToThread
GetProcAddress
SetLastError
GetFinalPathNameByHandleW
CreateMutexA
GetQueuedCompletionStatusEx
HeapAlloc
RtlPcToFileHeader

ws2_32

socket
getsockname
getpeername
getaddrinfo
getsockopt
select
connect
ioctlsocket
setsockopt
WSASocketW
WSAStartup
WSACleanup
recv
send
WSASend
shutdown
closesocket
freeaddrinfo
WSAGetLastError
accept
listen
bind
WSAIoctl

rstrtmgr

RmStartSession
RmGetList
RmRegisterResources

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
VariantClear
SafeArrayUnaccessData
SysAllocStringLen
SafeArrayAccessData
SysFreeString

crypt32

CertDuplicateStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertOpenStore
CertCloseStore
CertDuplicateCertificateContext
CryptUnprotectData
CertDuplicateCertificateChain
CertFreeCertificateContext
CertAddCertificateContextToStore
CertEnumCertificatesInStore

advapi32

CheckTokenMembership
AllocateAndInitializeSid
SystemFunction036
FreeSid
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx

user32

EnumDisplayMonitors
EnumDisplaySettingsExW
GetMonitorInfoW

gdi32

CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
DeleteObject
CreateCompatibleDC
GetDeviceCaps
CreateDCW
DeleteDC

ntdll

NtReadFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile
NtWriteFile
NtDeviceIoControlFile

bcrypt

BCryptGenRandom

secur32

QueryContextAttributesW
InitializeSecurityContextW
AcceptSecurityContext
AcquireCredentialsHandleA
DecryptMessage
FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
ApplyControlToken
EncryptMessage

api-ms-win-crt-math-l1-1-0

_dclass
log
truncf
exp2f
ceil
roundf
pow
__setusermatherr

api-ms-win-crt-string-l1-1-0

strlen
strncmp
strcmp
strcpy_s
strcspn
wcsncmp

api-ms-win-crt-heap-l1-1-0

_msize
_set_new_mode
realloc
calloc
free
malloc

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_register_onexit_function
_crt_atexit
terminate
abort
_seh_filter_exe
_endthreadex
_beginthreadex
exit
__p___argc

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

669ae78eea94a97b3a216fddc3704ef1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

ws2_32

rstrtmgr

oleaut32

crypt32

advapi32

ole32

user32

gdi32

ntdll

bcrypt

secur32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 24KB - Virtual size: 28KB

.pdata Size: 87KB - Virtual size: 86KB

.reloc Size: 58KB - Virtual size: 58KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 24KB - Virtual size: 28KB

.pdata
Size: 87KB - Virtual size: 86KB

.reloc
Size: 58KB - Virtual size: 58KB