Bundicut.exe

First submission 2024-10-13 01:26:06

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1061.13 KB (1086602 bytes)
Compile time: 2012-02-24 20:19:54
MD5: c065ba22909fc8dbded4ea0eebb24ad5
SHA1: b3d61dd7519be3d2909be9ce2d28f65ec7f9965d
SHA256: 9817f4d8bc1374f102196cfcb8a351abdc0563dea60f6084a7525e5ee5409b6d
Import Hash: be41bf7b8cc010b614bd36bbca606973
Sections 6 .text .rdata .data .ndata .rsrc .reloc
Directories 4 import resource relocation security

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 10/77 VT report date: 2024-10-13 01:00:16
Malware Type 1 trojan

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://103.130.147.211/Files/Bundicut.exe 103.130.147.211 2024-10-13 01:26:06

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x6dae 28160 3f4c995439cec283f1f51d71acb1f25bef740b63 00499a6f70259150109c809d6aa0e6ed
.rdata 0x8000 0x2a62 11264 05985b7f60a664d2595e9406ae3b208c97597bbc 07990aaa54c3bc638bb87a87f3fb13e3
.data 0xb000 0x67ebc 512 92d7e0d8d66861f702d867dac616b7d02bca94ec 014871d9a00f0e0c8c2a7cd25606c453
.ndata 0x73000 0x81000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0xf4000 0x85a8 34304 8c170f3f7b5d28ac61b3b0138b6d855c00d9de19 9dff8efb6cb5e3124b64b6bb0f444b58
.reloc 0xfd000 0xf32 4096 e7905f52ef19dc42fd4f4826fe69ebac177f0e8b d5ec3cf97c0668f4bbd50420ccf8fbc1

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0xfbb98 1128
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_US 0xfc220 96
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0xfc280 76
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0xfc2d0 726

Packers detected 1

Nullsoft PiMP Stub -> SFX

Anti debug functions 2

FindWindowExW
GetLastError

File signature

MD5 SHA1 Block size Virtual Address
fdd92a714cfc1bb8a4cef394eb8e0559 adde79fcf19df44e081289d9e5e551feec1e5503 10416 1076186

Strings analysis - File found

Log
install.log
Temporary
~nsu.tmp
Library
ADVAPI32.dll
VERSION.dll
SHELL32.dll
PSAPI.DLL
COMCTL32.dll
ole32.dll
KERNEL32.dll
USER32.dll
GDI32.dll

Strings analysis - Possible URLs found 15

http://ocsp.digicert.com0X
http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
http://ocsp.digicert.com0C
http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
http://ocsp.digicert.com0A
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
http://www.digicert.com/CPS0
http://nsis.sf.net/NSIS_Error
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
http://ocsp.digicert.com0\
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S

Import functions
