|
BDFirm180.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
| Filetype: |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| Entropy: |
7.422332789308003
|
| Filename: |
BDFirm180.exe
|
| Filesize: |
6023168
|
| MD5: |
d1d78d33fb33f1d0a0d217c77febb364
|
| SHA1: |
f1eb83f04a4d6a57f546164846f99db6a4e3c569
|
| SHA256: |
3493225143e3b0935083fd7b2c66cead25b4d639486520934e2f18e6b4540254
|
| SHA512: |
926a863e57ac213b171307fd518f35c59f95b8f010021904546e43342a3254969800f4e7b15ce28802e8efcc72502aa02fc27246cce70353bb83f11cabf74952
|
| SSDEEP: |
98304:SKInouWSR9VquHQ7VzQ69Rh/h+rrL+/wUbfoblz73CkCgiHRBFeC:g3HQu69Rh/ATEbAB33CkCvxBh
|
| Preview: |
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........'..fIA.fIA.fIA<..A.fIA<..A.fIA<..A.fIA<..A.fIA...A.fIA...AtfIA...A.gIA.i.A.fIA.fHA.eIA...A.fIA...A.fIA.f.A.fIA...A.fIARich.fI
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Multi AV Scanner detection for submitted file |
AV Detection |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
| PE file contains executable resources (Code or Archives) |
System Summary |
|
| Uses 32bit PE files |
Compliance, System Summary |
|
| Creates mutexes |
System Summary |
|
| Creates temporary files |
System Summary |
|
| Disables application error messsages (SetErrorMode) |
Hooking and other Techniques for Hiding and Protection |
|
| PE file has an executable .text section and no other executable section |
System Summary |
|
| Reads software policies |
System Summary |
System Information Discovery
|
| Sample is known by Antivirus |
System Summary |
|
| Tries to load missing DLLs |
System Summary |
|
| PE file contains a valid data directory to section mapping |
System Summary |
|
| Contains modern PE file flags such as dynamic base (ASLR) or NX |
Compliance, System Summary |
|
| PE file imports many functions |
System Summary |
|
| PE file has a big raw section |
System Summary |
|
| PE file has a big code size |
System Summary |
|
| Submission file is bigger than most known malware samples |
System Summary |
|
|
|
C:\Users\user\AppData\Local\Temp\RemoteCTR.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\RemoteCTR.DLL
|
| Category: |
dropped
|
| Dump: |
RemoteCTR.DLL.0.dr
|
| ID: |
dr_0
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\BDFirm180.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
5.609642457588111
|
| Encrypted: |
false
|
| Size: |
159744
|
| Whitelisted: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
| Creates temporary files |
System Summary |
|
|
