bca4cb9eadfa4cf005a08805f4e15e0ffb380bdf2f1b64f0907e85f8e923c398

Sharing

Copy URL Twitter E-mail

General

Target

bca4cb9eadfa4cf005a08805f4e15e0ffb380bdf2f1b64f0907e85f8e923c398
Size

532KB
MD5

b883f07d2dc1f25a9001eef6f8c4495c
SHA1

57203e6ea582a5278cb97315cc71cabac6981d02
SHA256

bca4cb9eadfa4cf005a08805f4e15e0ffb380bdf2f1b64f0907e85f8e923c398
SHA512

c4b09ab9004360326c610eb9a7e8bfc81a66a735a866dd9fbba0117bac3bac8ef2a239be7ef3580f97d25057c72f7b402221053ad15c5e948abc38d43912b697
SSDEEP

12288:ML/xhUY9Nk6K6aevDaGF50VFpAEPNMgHSTjFG9CoAgA7Q+SDwlWXCctnOdvPG:u+FpAEPJojFGgoO7Q+SDwlWXDtnI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bca4cb9eadfa4cf005a08805f4e15e0ffb380bdf2f1b64f0907e85f8e923c398

Files

bca4cb9eadfa4cf005a08805f4e15e0ffb380bdf2f1b64f0907e85f8e923c398
.dll windows:5 windows x64 arch:x64

0a2beae2fba4f9e65cb5b4cba5b819d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetDiskFreeSpaceExW
FindFirstFileW
FindNextFileW
FindClose
GetCurrentThread
GetProcAddress
VirtualAllocEx
WriteProcessMemory
VirtualProtectEx
CreateRemoteThread
GetThreadContext
SetThreadContext
ResumeThread
Wow64GetThreadContext
Wow64SetThreadContext
SuspendThread
DeviceIoControl
CreateDirectoryA
LoadLibraryW
CancelIo
WaitForMultipleObjects
GetComputerNameW
GetSystemInfo
GlobalMemoryStatusEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
IsWow64Process
EnterCriticalSection
LeaveCriticalSection
CreateNamedPipeW
ConnectNamedPipe
PeekNamedPipe
FlushFileBuffers
DisconnectNamedPipe
GetPriorityClass
K32GetProcessMemoryInfo
K32EnumProcessModules
K32GetProcessImageFileNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
GetNativeSystemInfo
SetFilePointer
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapFree
GetLogicalDriveStringsW
GetDriveTypeW
K32GetModuleInformation
CreateFileMappingW
MapViewOfFile
FreeLibrary
GlobalFree
LocalFree
CreatePipe
GetStartupInfoW
lstrcmpW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
lstrcpynW
GetCurrentThreadId
ResetEvent
GetFileType
GetFileInformationByHandle
GetModuleHandleExW
InterlockedFlushSList
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetFilePointerEx
GetFileSizeEx
GetSystemTimeAsFileTime
DuplicateHandle
GetProcessId
WaitForDebugEvent
ContinueDebugEvent
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
SetLastError
CreateFileA
IsBadReadPtr
WTSGetActiveConsoleSessionId
lstrcatA
CreateProcessW
DeleteFileW
MoveFileW
TerminateThread
lstrlenA
lstrlenW
ReadFile
GetVolumeInformationW
QueryDosDeviceW
GetFileSize
CreateFileW
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
SetEvent
SetThreadExecutionState
GetModuleHandleW
lstrcatW
GetLastError
VirtualProtect
lstrcpyA
SetFileAttributesW
GetTickCount
GetModuleHandleA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateMutexA
LocalAlloc
WriteFile
ExitProcess
Sleep
GetExitCodeProcess
OpenProcess
ExitThread
lstrcmpiW
GetCommandLineW
lstrcpyW
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
GetCurrentProcessId
ProcessIdToSessionId
CreateThread
CloseHandle
VirtualFree
WaitForSingleObject
VirtualAlloc
WideCharToMultiByte
CreateEventW

user32

GetAsyncKeyState
GetKeyState
RegisterRawInputDevices
DefWindowProcW
GetRawInputData
CallNextHookEx
GetWindowLongPtrW
PostQuitMessage
RegisterClassW
IsWindowVisible
GetClassNameW
EnumChildWindows
EnumWindows
ShowWindow
GetClipboardData
UnhookWindowsHookEx
SendMessageW
SetClipboardViewer
ChangeClipboardChain
GetCursorInfo
GetCursorPos
MessageBoxW
BlockInput
CloseDesktop
GetWindowTextW
GetUserObjectInformationW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowsHookExW
SetWindowLongPtrW
CreateWindowExW
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
wsprintfA
ExitWindowsEx
SystemParametersInfoW
wsprintfW
OpenInputDesktop
GetThreadDesktop
GetDC
GetWindowThreadProcessId
GetSystemMetrics
GetDesktopWindow
ReleaseDC
MapVirtualKeyW
keybd_event
mouse_event
SetThreadDesktop
GetForegroundWindow

gdi32

DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
GetDIBits
CreateCompatibleBitmap
BitBlt
GetDeviceCaps

advapi32

GetUserNameW
StartServiceW
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
CloseServiceHandle
OpenSCManagerW
CreateProcessWithTokenW
OpenProcessToken
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
ClearEventLogW
OpenEventLogW
CloseEventLog
ReadEventLogA
OpenEventLogA
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidW
EnumServicesStatusExW
ControlService
QueryServiceStatus
RegQueryValueExW
DeleteService
EnumServicesStatusW
QueryServiceConfig2W
QueryServiceConfigW
LockServiceDatabase
ChangeServiceConfigW
UnlockServiceDatabase
CreateWellKnownSid
RegQueryInfoKeyW

shell32

ord680
CommandLineToArgvW
ShellExecuteW
SHFileOperationW

ole32

CoUninitialize
CoInitializeSecurity
CLSIDFromString
IIDFromString
CoCreateInstance
CoInitialize
CoInitializeEx

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

ws2_32

WSAStartup
sendto
recvfrom
WSAWaitForMultipleEvents
shutdown
WSACloseEvent
getprotobyname
select
getsockopt
ioctlsocket
send
WSARecv
connect
WSASocketW
getaddrinfo
inet_ntoa
gethostbyname
gethostname
WSAGetOverlappedResult
WSASend
recv
closesocket
WSAIoctl
accept
listen
bind
htonl
inet_addr
setsockopt
socket
htons
WSACreateEvent
WSAEnumNetworkEvents
WSAGetLastError
freeaddrinfo
ntohs
getpeername
WSAPoll
WSACleanup
getsockname
WSAEventSelect

winmm

timeGetTime

netapi32

NetUserSetInfo
NetUserAdd
NetLocalGroupAddMembers
NetUserEnum
NetApiBufferFree

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW
WTSQuerySessionInformationW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

shlwapi

PathRemoveFileSpecW

iphlpapi

GetExtendedTcpTable
GetExtendedUdpTable

urlmon

URLDownloadToFileW

ntdll

NtClose
NtDuplicateObject
NtRemoveProcessDebug
DbgUiSetThreadDebugObject
RtlFreeHeap
RtlAllocateHeap
NtQueryInformationProcess
__C_specific_handler
strlen
memcpy
memset
__chkstk
_wcsicmp
wcsncmp
NtQuerySystemInformation
wcsrchr
RtlAdjustPrivilege
NtQueryObject
wcsstr

rpcrt4

RpcAsyncInitializeHandle
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
RpcBindingFromStringBindingW
NdrAsyncClientCall
RpcRaiseException
RpcAsyncCompleteCall

msvcrt

strftime
_localtime64
realloc
wcscmp
strcmp
atoi
strncmp
_errno
getenv
_time64
rename
strtol
strerror
tolower
isalnum
_mktime64
_initterm
_write
_close
_isatty
_open
_unlink
_lseek
_read
_stricmp
_strnicmp
__pctype_func
_lock
_unlock
_iob
_atoi64
_getdrive
__doserrno
wcspbrk
_wfullpath
___lc_codepage_func
__CppXcptFilter
__getmainargs
?terminate@@YAXXZ
___lc_handle_func
fflush
_fileno
ceil
log10
_clearfp
rand
abort
free
malloc
memchr
strrchr
strstr
memcmp
strchr
memmove
srand
strncpy
__CxxFrameHandler

Exports

Exports

run

Sections

.text
Size: 415KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a2beae2fba4f9e65cb5b4cba5b819d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

winmm

netapi32

wtsapi32

userenv

shlwapi

iphlpapi

urlmon

ntdll

rpcrt4

msvcrt

Exports

Exports

Sections

.text Size: 415KB - Virtual size: 416KB

.rdata Size: 79KB - Virtual size: 80KB

.data Size: 17KB - Virtual size: 24KB

.pdata Size: 16KB - Virtual size: 20KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 415KB - Virtual size: 416KB

.rdata
Size: 79KB - Virtual size: 80KB

.data
Size: 17KB - Virtual size: 24KB

.pdata
Size: 16KB - Virtual size: 20KB

.reloc
Size: 3KB - Virtual size: 4KB