a4dc103c70777b941d92958cc3c2b57e5eb8f6210ff244d69f4b7193dc5d5f38[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

a4dc103c70777b941d92958cc3c2b57e5eb8f6210ff244d69f4b7193dc5d5f38.bin
Size

451KB
MD5

d03eb3fed1f6cf09d13a2da29a10a7bb
SHA1

092285d0a42467ed2fc1db3099f161aad459eb4a
SHA256

a4dc103c70777b941d92958cc3c2b57e5eb8f6210ff244d69f4b7193dc5d5f38
SHA512

bc2f9c56f85bf060a61cbf4c98c1854dbcf92e9cf62efcca63a6d9ecc991b4a497bcdb0c3957d47355b0a9825efba97e96a0c8ccbc907f3b03763abc4476cb77
SSDEEP

6144:OTlFTiKC7lGDpa0N9bzhv+hsCmuF+YPsNcBy0ZICTHDhEnMrj+lZXMq:OTlliDkb16KSENcBrZfTFEnMur

Score

N/A

Malware Config

Signatures

Files

a4dc103c70777b941d92958cc3c2b57e5eb8f6210ff244d69f4b7193dc5d5f38.bin
.exe windows x64

000a3fab3435ac5b35f9cc55be278db9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSACleanup
closesocket
gethostbyname
WSAStartup
inet_addr
send
socket
connect
inet_ntoa
recv
htons

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
CreateDirectoryW
GetVolumeInformationW
SetLastError
CreateToolhelp32Snapshot
Sleep
GetLastError
Process32NextW
Process32FirstW
CloseHandle
CreateThread
FormatMessageA
SetUnhandledExceptionFilter
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentDirectoryW
AreFileApisANSI
GetCurrentProcess
TerminateProcess
RtlCaptureContext
CreateEventW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
IsProcessorFeaturePresent
LocalFree

user32

GetClipboardData
GetWindowLongW
GetWindowThreadProcessId
PostMessageW
GetWindow
GetWindowRect
SetClipboardData
SetWindowPos
GetSystemMetrics
ShowWindow
GetAsyncKeyState
DispatchMessageW
PeekMessageW
DestroyWindow
MoveWindow
EnumWindows
DefWindowProcA
CreateWindowExA
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
GetClientRect
SetCursor
LoadCursorW
GetForegroundWindow
ClientToScreen
SetLayeredWindowAttributes
TranslateMessage
LoadIconW
SetWindowLongW
GetDesktopWindow
RegisterClassExA
UpdateWindow
GetKeyState
ScreenToClient

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmAssociateContextEx

dwmapi

DwmExtendFrameIntoClientArea

msvcp140

?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Throw_C_error@std@@YAXH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Thrd_detach
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

d3d9

Direct3DCreate9Ex

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
_CxxThrowException
memset
__C_specific_handler
__current_exception_context
__current_exception
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
memcpy
memcmp
memchr

api-ms-win-crt-stdio-l1-1-0

fread
fgetpos
__stdio_common_vsprintf
_wfopen
fwrite
fgetc
__stdio_common_vsprintf_s
__stdio_common_vfprintf
fseek
fclose
fflush
__acrt_iob_func
fputc
ftell
setvbuf
_set_fmode
__p__commode
ungetc
fsetpos
__stdio_common_vsscanf
_fseeki64
_get_stream_buffer_pointers

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
strcmp

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-convert-l1-1-0

atof
strtol

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initterm
_initterm_e
_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_errno
_c_exit
_set_app_type
_seh_filter_exe
_cexit
terminate
system
__p___argv
__p___argc
_initialize_narrow_environment
_beginthreadex
_crt_atexit
exit
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-filesystem-l1-1-0

_lock_file
remove
rename
_stat64i32
_unlock_file

api-ms-win-crt-math-l1-1-0

atanf
__setusermatherr
atan2f
sinf
acosf
sin
powf
ceilf
cos
cosf
fmodf
sqrtf
tanf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

000a3fab3435ac5b35f9cc55be278db9

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

imm32

dwmapi

msvcp140

d3d9

urlmon

wininet

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 15KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 472B

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 472B