bf5c9462975582dcf1d42cbe2c458476a10eec08c88e60e413581e01d8fbb21d

Sharing

Copy URL Twitter E-mail

General

Target

bf5c9462975582dcf1d42cbe2c458476a10eec08c88e60e413581e01d8fbb21d
Size

1.9MB
MD5

5cb5b48ebbcc046c6274185561fd7a38
SHA1

0e480c12defbdddf8be26beae59abbaf1fd81c86
SHA256

bf5c9462975582dcf1d42cbe2c458476a10eec08c88e60e413581e01d8fbb21d
SHA512

1348f4ccf9aa67608851feba7f6962496184a258e4c787f63d932cbda517fc0bc8ac088414f820ca9f2f1d22c2e87ab3e0df3f2756735d5fd728cc127d7d8b4e
SSDEEP

24576:hFTsOzMjoa+6CaHaCX13iHXjRGbdddddGosKlbb3opFrdZddddddddddddddddRW:hF4aMjQIaCF3iHXjRJP1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf5c9462975582dcf1d42cbe2c458476a10eec08c88e60e413581e01d8fbb21d

Files

bf5c9462975582dcf1d42cbe2c458476a10eec08c88e60e413581e01d8fbb21d
.dll regsvr32 windows:4 windows x86 arch:x86

6ce074ffc2c17c406976a061e16759ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

fastpic_ext.pdb

Imports

kernel32

WriteFile
CreateFileW
SetEvent
LockResource
FindResourceExW
GlobalDeleteAtom
OutputDebugStringW
GlobalUnlock
GlobalLock
lstrcmpW
GetPrivateProfileStringW
GetFileAttributesW
MoveFileW
GetEnvironmentVariableW
GetPrivateProfileIntW
GetCurrentThreadId
WaitForMultipleObjects
ResetEvent
ReadFile
GetFileSize
lstrlenA
WideCharToMultiByte
GetSystemDirectoryW
GetVersionExW
CreateDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
InterlockedCompareExchange
GetSystemInfo
GetCurrentProcess
MoveFileExW
SetLastError
ReplaceFileW
GetFileAttributesExW
GetCurrentDirectoryW
SetCurrentDirectoryW
QueryDosDeviceW
GetLogicalDriveStringsW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVolumeInformationW
GetVolumePathNameW
CopyFileW
GetLongPathNameW
GetTempFileNameW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
SetFileTime
GetFileInformationByHandle
GetSystemTimeAsFileTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetLocalTime
CreateProcessW
TerminateThread
CreateThread
IsBadReadPtr
VirtualProtect
GetModuleHandleA
VirtualAllocEx
VirtualFree
VirtualFreeEx
IsBadCodePtr
GetTempPathW
SetFilePointer
LocalAlloc
CreateFileA
OpenProcess
ReadProcessMemory
Process32NextW
Module32NextW
Module32FirstW
Process32FirstW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
GetComputerNameA
GlobalFree
GlobalAlloc
FreeResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
GetCurrentDirectoryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
VirtualAlloc
HeapCreate
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetFileType
SetStdHandle
GetCurrentProcessId
GetFullPathNameW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetModuleFileNameW
WritePrivateProfileStringW
GetProcAddress
CloseHandle
CreateEventW
WaitForSingleObject
LoadLibraryW
Sleep
GlobalFindAtomW
GlobalAddAtomW
LeaveCriticalSection
EnterCriticalSection
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetLastError
lstrlenW
GetModuleHandleW
DisableThreadLibraryCalls
LocalFree
TerminateProcess
RtlUnwind
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA

user32

EndPaint
GetClientRect
SetFocus
DefWindowProcW
InvalidateRect
UpdateWindow
DestroyWindow
SetWindowLongW
GetWindowLongW
SetMenuItemBitmaps
InsertMenuW
GetMenuStringW
GetMenuItemCount
DeleteMenu
InsertMenuItemW
CreatePopupMenu
LoadBitmapW
DestroyIcon
ReleaseDC
DrawIconEx
GetDC
GetIconInfo
LoadImageW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetWindowThreadProcessId
GetWindowRect
CharNextW
ShowWindow
LoadCursorW
RegisterClassW
CreateWindowExW
SendMessageW
EnumChildWindows
GetClassNameW
FindWindowW
FindWindowExW
BeginPaint
UnregisterClassA
GetDesktopWindow
GetParent
SetWinEventHook
RegisterClassExW
SetTimer
IsWindow
GetForegroundWindow
IsChild
PostMessageW
PostQuitMessage
IsWindowVisible
GetWindowTextW
RealGetWindowClassW

gdi32

GetObjectW
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
SetBkColor
GetTextExtentPointW
TextOutW
DeleteObject
CreateSolidBrush

advapi32

GetNamedSecurityInfoW
GetAce
DeleteAce
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegNotifyChangeKeyValue
RegOpenKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHCreateDirectoryExW
SHGetFolderPathW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
DragQueryFileW
ShellExecuteW
SHLoadInProc

ole32

CoUninitialize
CreateStreamOnHGlobal
CoCreateGuid
CoInitializeEx
ReleaseStgMedium
CoInitialize
StringFromGUID2
CoCreateInstance
OleSaveToStream
WriteClassStm
OleLoadFromStream
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

oleaut32

LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
SysFreeString
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantInit
SysStringByteLen
VarUI4FromStr
UnRegisterTypeLi

shlwapi

PathFileExistsW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW
PathFindExtensionW
ord176
StrRetToBufW
PathAddBackslashW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleInformation
GetMappedFileNameW

winmm

timeGetTime

gdiplus

GdipCreateBitmapFromScan0
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipCreateHBITMAPFromBitmap
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdipDeleteGraphics
GdipLoadImageFromStreamICM
GdiplusStartup
GdipFillRectangleI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InstallExt

Sections

.text
Size: 808KB - Virtual size: 806KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 916KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ce074ffc2c17c406976a061e16759ad

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

psapi

winmm

gdiplus

Exports

Exports

Sections

.text Size: 808KB - Virtual size: 806KB

.rdata Size: 136KB - Virtual size: 132KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 916KB - Virtual size: 912KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 808KB - Virtual size: 806KB

.rdata
Size: 136KB - Virtual size: 132KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 916KB - Virtual size: 912KB

.reloc
Size: 36KB - Virtual size: 35KB