BDFirm180.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample

Filetype: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy: 7.422332789308003
Filename: BDFirm180.exe
Filesize: 6023168
MD5: d1d78d33fb33f1d0a0d217c77febb364
SHA1: f1eb83f04a4d6a57f546164846f99db6a4e3c569
SHA256: 3493225143e3b0935083fd7b2c66cead25b4d639486520934e2f18e6b4540254
SHA512: 926a863e57ac213b171307fd518f35c59f95b8f010021904546e43342a3254969800f4e7b15ce28802e8efcc72502aa02fc27246cce70353bb83f11cabf74952
SSDEEP: 98304:SKInouWSR9VquHQ7VzQ69Rh/h+rrL+/wUbfoblz73CkCgiHRBFeC:g3HQu69Rh/ATEbAB33CkCvxBh
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........'..fIA.fIA.fIA<..A.fIA<..A.fIA<..A.fIA<..A.fIA...A.fIA...AtfIA...A.gIA.i.A.fIA.fHA.eIA...A.fIA...A.fIA.f.A.fIA...A.fIARich.fI
|
Signature Hits | Behavior Group | Mitre Attack
Multi AV Scanner detection for submitted file | AV Detection |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |
PE file contains executable resources (Code or Archives) | System Summary |
Uses 32bit PE files | Compliance, System Summary |
Creates mutexes | System Summary |
Creates temporary files | System Summary |
Disables application error messages (SetErrorMode) | Hooking and other Techniques for Hiding and Protection |
PE file has an executable .text section and no other executable section | System Summary |
Reads software policies | System Summary | System Information Discovery
Sample is known by Antivirus | System Summary |
Tries to load missing DLLs | System Summary |
PE file contains a valid data directory to section mapping | System Summary |
Contains modern PE file flags such as dynamic base (ASLR) or NX | Compliance, System Summary |
PE file imports many functions | System Summary |
PE file has a big raw section | System Summary |
PE file has a big code size | System Summary |
Submission file is bigger than most known malware samples | System Summary |

C:\Users\user\AppData\Local\Temp\RemoteCTR.DLL
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped

File: C:\Users\user\AppData\Local\Temp\RemoteCTR.DLL
Category: dropped
Dump: RemoteCTR.DLL.0.dr
ID: dr_0
Target ID: 0
Process: C:\Users\user\Desktop\BDFirm180.exe
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy: 5.609642457588111
Encrypted: false
Size: 159744
Whitelisted: false

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |
Creates temporary files | System Summary |