Static task: static1
Behavioral task: behavioral1 (Sample: bc8a13c5.exe; Resource: win7-20240708-en)
Behavioral task: behavioral2 (Sample: bc8a13c5.exe; Resource: win10v2004-20240802-en)
General
Target: bc8a13c5.exe.vir
Size: 22.2MB
MD5: dcbdfa2f2ad1aff924d3748d8aaa2be0
SHA1: dcd83fc857ea276e5aecb12260ff039e8781b8bc
SHA256: bc8a13c576588365025c1c2430ff88775207f81fc89e7a7380c306c5915d56be
SHA512: fa4bde9cf03eb30208dbc99d132dd58b99f06ad5b58e56e561edb8a801b75b60a5c01f001477002b9e7a31d28e0662babe7098e7c5d9c0b8ba1a278cf46448ea
SSDEEP: 393216:Ix/yab56lbl8T6Ya2h4eaAZMoQ7wGPvUCnGlxNAotWYuJsv6tWKFdu9Celcf:IxpejUClYTc
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
Resource: bc8a13c5.exe.vir
Files
bc8a13c5.exe.vir.exe (windows:6, windows x64, arch:x64)
041f974589e3ded04626af7ad8d9fd15
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
shlwapi
StrChrW
PathRemoveFileSpecW
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
uxtheme
GetThemePartSize
OpenThemeData
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetCurrentThemeName
IsAppThemed
IsThemeActive
SetWindowTheme
GetThemeBool
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
ord47
CloseThemeData
GetThemeTransitionDuration
dwmapi
DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
DwmSetWindowAttribute
DwmGetWindowAttribute
oleaut32
SafeArrayCreateVector
SafeArrayPutElement
SysAllocString
SysFreeString
imm32
ImmNotifyIME
ImmAssociateContext
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd
ImmSetCandidateWindow
ImmGetOpenStatus
ImmSetCompositionWindow
ImmGetVirtualKey
ImmAssociateContextEx
gdi32
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
DeleteObject
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits
GetRegionData
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
RemoveFontMemResourceEx
kernel32
lstrcmpiW
lstrcatW
lstrcmpW
GetModuleHandleW
LocalFree
FormatMessageW
WTSGetActiveConsoleSessionId
ExpandEnvironmentStringsW
CreateProcessW
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoW
LoadLibraryA
GlobalSize
GetUserDefaultLangID
GetFileSize
ReadFile
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
GetProcAddress
InitializeSRWLock
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetCPInfo
GetStringTypeW
LCMapStringEx
GetModuleFileNameW
WriteProcessMemory
GetCurrentThreadId
CreateMutexW
ReleaseMutex
InitializeCriticalSection
GetCurrentProcessId
GetCurrentProcess
WaitForSingleObject
GetSystemDirectoryA
VirtualAlloc
VirtualFree
GetStdHandle
GetEnvironmentVariableW
GetACP
DecodePointer
EncodePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
RaiseException
RtlPcToFileHeader
FormatMessageA
GetExitCodeProcess
GetUserGeoID
GetGeoInfoW
GetTimeZoneInformation
GetModuleHandleExW
FreeLibrary
FindNextFileW
FindFirstFileExW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
MultiByteToWideChar
LCMapStringW
CompareStringW
RegisterWaitForSingleObject
UnregisterWaitEx
SetFilePointerEx
SetEndOfFile
GetFileType
FlushFileBuffers
GetFileInformationByHandleEx
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
MoveFileExW
MoveFileW
CopyFileW
DeviceIoControl
SetErrorMode
GetVolumePathNamesForVolumeNameW
GetTempPathW
SetFileTime
RemoveDirectoryW
GetLogicalDrives
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
GetStartupInfoW
GetTickCount64
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileAttributesExW
GetUserPreferredUILanguages
GetUserDefaultLCID
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
ResetEvent
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
SwitchToThread
WaitForMultipleObjects
Sleep
DuplicateHandle
GetSystemDirectoryW
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
OutputDebugStringW
GetLocalTime
GetSystemTime
GetCommandLineW
CompareStringEx
GetConsoleWindow
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
CloseHandle
CreateFileW
GetUserDefaultUILanguage
VirtualProtect
ExitProcess
CreateEventW
SetEvent
HeapWalk
GetProcessHeaps
GetLastError
LoadLibraryW
InitializeCriticalSectionAndSpinCount
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
MapViewOfFileEx
lstrlenW
ReleaseSRWLockShared
AcquireSRWLockShared
WakeAllConditionVariable
InitializeCriticalSectionEx
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetEnvironmentVariableW
GetFileSizeEx
EnumSystemLocalesW
IsValidLocale
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetConsoleCtrlHandler
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetConsoleOutputCP
SetStdHandle
SetFileAttributesW
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
LoadLibraryExW
RtlUnwind
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetSystemTimeAsFileTime
ole32
OleGetClipboard
OleSetClipboard
CoInitialize
OleUninitialize
StringFromGUID2
OleIsCurrentClipboard
RegisterDragDrop
CoLockObjectExternal
CoCreateInstance
CoInitializeEx
CoUninitialize
OleFlushClipboard
DoDragDrop
CoTaskMemFree
RevokeDragDrop
ReleaseStgMedium
CoGetMalloc
CoCreateGuid
OleInitialize
shell32
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetMalloc
SHGetFileInfoW
CommandLineToArgvW
SHGetKnownFolderPath
SHGetPathFromIDListW
SHCreateItemFromParsingName
SHGetKnownFolderIDList
SHBrowseForFolderW
Shell_NotifyIconW
Shell_NotifyIconGetRect
SHGetStockIconInfo
user32
AdjustWindowRectEx
GetUserObjectInformationW
GetProcessWindowStation
MsgWaitForMultipleObjects
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
CallNextHookEx
ChangeWindowMessageFilterEx
RealGetWindowClassW
EnumWindows
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
EnumDisplayDevicesW
RegisterClassW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
TrackPopupMenuEx
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
GetKeyState
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMenu
GetMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
ShowWindow
IsChild
CreateWindowExW
AttachThreadInput
PostMessageW
SendMessageW
UpdateLayeredWindowIndirect
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
GetDesktopWindow
GetSysColor
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
SystemParametersInfoW
GetSystemMetrics
MessageBoxW
DrawIconEx
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
winmm
timeKillEvent
timeGetTime
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
PlaySoundW
timeSetEvent
ws2_32
getsockopt
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
recv
connect
socket
bind
InetNtopW
freeaddrinfo
getaddrinfo
WSAStringToAddressW
WSAIoctl
WSASetLastError
shutdown
setsockopt
send
select
htons
htonl
getsockname
getpeername
ioctlsocket
closesocket
__WSAFDIsSet
WSAGetLastError
ntohs
WSAAsyncSelect
WSACleanup
WSAStartup
crypt32
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertGetCertificateContextProperty
bcrypt
BCryptGenRandom
userenv
GetUserProfileDirectoryW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
netapi32
NetApiBufferFree
NetShareEnum
advapi32
RegOpenKeyExW
SystemFunction036
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
OpenProcessToken
AccessCheck
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
GetLengthSid
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegQueryValueExW
Sections
.text Size: 16.2MB - Virtual size: 16.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4.9MB - Virtual size: 4.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 116KB - Virtual size: 202KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 556KB - Virtual size: 556KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qtmetad Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qtmimed Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 87KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ