2fcc3b332c728c4d820b5c4e242ff60b75b79eb5dc48fb4ebfe484161b7908e3[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

2fcc3b332c728c4d820b5c4e242ff60b75b79eb5dc48fb4ebfe484161b7908e3.bin
Size

5.1MB
MD5

2ebbff36fc0f41916d130d49552bf545
SHA1

b2306e181530a4123392d200f1292eddb63e4488
SHA256

2fcc3b332c728c4d820b5c4e242ff60b75b79eb5dc48fb4ebfe484161b7908e3
SHA512

81fafcf34b210da7404f606bfeb81746724b1efeb62f9d08cf2d0df02bb575ca70370b9e027db57d3a18bd3cfa5ae9f101be1cc05d4551d72ac1916eefeca6cf
SSDEEP

49152:UyNK+CTNrCx1e4SJ8sOMuXwwg+QqFbgQGsSHyU3Z2Xs+vxO2B2w9aeTC+0QEOuAa:9qT0xjpoRHyGodJ76lszwv

Score

N/A

Malware Config

Signatures

Files

2fcc3b332c728c4d820b5c4e242ff60b75b79eb5dc48fb4ebfe484161b7908e3.bin
.exe windows x64

f47978fdab37f00efdda299016c9c397

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

LsaGetLogonSessionData
LsaEnumerateLogonSessions
LsaFreeReturnBuffer

kernel32

GetSystemInfo
WakeConditionVariable
ReleaseSRWLockShared
GetFileInformationByHandle
GetCurrentProcess
DuplicateHandle
SetHandleInformation
GetModuleHandleA
GetCurrentThread
SetLastError
GetStdHandle
GetConsoleMode
WaitForSingleObject
WriteConsoleW
GetCurrentDirectoryW
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
RtlCaptureContext
RtlLookupFunctionEntry
GetEnvironmentVariableW
FormatMessageW
GetTempPathW
CreateFileW
SetFilePointerEx
DeviceIoControl
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
CreateThread
ExitProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
AcquireSRWLockShared
SetFileInformationByHandle
CopyFileExW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
LocalFree
ReadProcessMemory
VirtualQueryEx
OpenProcess
GlobalMemoryStatusEx
PostQueuedCompletionStatus
RtlVirtualUnwind
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
SystemTimeToFileTime
GetCurrentProcessId
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
CreateIoCompletionPort
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
SwitchToThread
GetModuleHandleW
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
FreeLibrary
GetProcAddress
LoadLibraryExW
GetComputerNameExW
DeleteFileW
GetFileInformationByHandleEx
GetLogicalDrives
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
GetTickCount64
FlsGetValue
FlsAlloc
GetTimeZoneInformation
GetConsoleOutputCP
ReadConsoleW
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlPcToFileHeader
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
EncodePointer
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileSizeEx
VerifyVersionInfoW
VerSetConditionMask
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetEnvironmentVariableA
MoveFileExA
GetSystemDirectoryA
SleepEx
InitializeCriticalSectionEx
GetUserPreferredUILanguages
WakeAllConditionVariable
GetLastError
ReleaseSRWLockExclusive
SetFileCompletionNotificationModes
CloseHandle
AcquireSRWLockExclusive
UnmapViewOfFile
RtlUnwind

ntdll

NtQuerySystemInformation
RtlGetVersion
NtCancelIoFileEx
NtQueryInformationProcess
NtCreateFile
RtlNtStatusToDosError
NtDeviceIoControlFile

advapi32

LookupAccountSidW
CryptDestroyKey
CryptDestroyHash
CryptEncrypt
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextA
SystemFunction036
GetUserNameW
CryptImportKey
GetTokenInformation
OpenProcessToken

oleaut32

SafeArrayGetUBound
SysFreeString
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
SysAllocString
SysAllocStringLen

pdh

PdhCollectQueryData
PdhOpenQueryA
PdhRemoveCounter
PdhCloseQuery
PdhAddEnglishCounterW
PdhGetFormattedCounterValue

ws2_32

send
ioctlsocket
connect
WSAIoctl
getsockopt
bind
recvfrom
closesocket
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
getsockname
WSAGetLastError
recv
WSASend
shutdown
getpeername
setsockopt
WSASocketW
listen
__WSAFDIsSet
inet_pton
WSASetLastError
socket
ntohs
htons
WSAWaitForMultipleEvents
gethostname
sendto
WSAResetEvent
htonl
accept
select
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect

crypt32

CertOpenStore
CryptUnprotectData
CertGetEnhancedKeyUsage
CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CryptDecodeObjectEx
CertFreeCertificateChainEngine

iphlpapi

GetIfTable2
GetIfEntry2
FreeMibTable

netapi32

NetUserGetLocalGroups
NetApiBufferFree
NetUserEnum

user32

EnumDisplaySettingsExW
EnumDisplayMonitors
GetMonitorInfoW

gdi32

CreateDCW
DeleteObject
GetObjectW
GetDIBits
DeleteDC
SetStretchBltMode
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetDeviceCaps

ole32

CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

bcrypt

BCryptGenRandom

shell32

CommandLineToArgvW
SHGetKnownFolderPath

powrprof

CallNtPowerInformation

psapi

GetPerformanceInfo
GetModuleFileNameExW
EnumProcessModulesEx

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f47978fdab37f00efdda299016c9c397

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

ntdll

advapi32

oleaut32

pdh

ws2_32

crypt32

iphlpapi

netapi32

user32

gdi32

ole32

bcrypt

shell32

powrprof

psapi

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 28KB - Virtual size: 35KB

.pdata Size: 117KB - Virtual size: 117KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 28KB - Virtual size: 35KB

.pdata
Size: 117KB - Virtual size: 117KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 41KB - Virtual size: 41KB