1ef9c948e6045d8d8794a89cc9545b0f[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

1ef9c948e6045d8d8794a89cc9545b0f.bin
Size

819KB
MD5

1ef9c948e6045d8d8794a89cc9545b0f
SHA1

7fa3530f3cc242075c04a43593faea2a8ce7a194
SHA256

04642249b0ad41b1c6cc8862ec372c3b9b1e855d104a16a6a3fae694cc23ec0c
SHA512

61ddc02f01ac8f5b1aae74716b74110b3b4bddc3bf82748d18efcbd92ba2051d86cdc4407101a9bb9e9c925d2a6e43aae242d032a58f06facd283b51ef61c3f3
SSDEEP

12288:buT+iN+L6m8nLoIGs/FrvyALu8aeBVnFqfBwmkUmIZksaqQuVt+OeO+OeNhBBhhJ:CT+iNGJuY+DUm/sa3uVZX1fH6nq

Score

N/A

Malware Config

Signatures

Files

1ef9c948e6045d8d8794a89cc9545b0f.bin
.exe windows x86

e0a6293991c65f12bff07e54c871d60d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionEx
GetSystemTimeAsFileTime
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SleepEx
GetSystemDirectoryW
LoadLibraryW
GetTickCount
GetLastError
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
MoveFileExW
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetStartupInfoW
GetCurrentProcessId
InterlockedPushEntrySList
RaiseException
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetFileAttributesExW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
ExitProcess
WriteFile
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
OutputDebugStringW
HeapReAlloc
FlushFileBuffers
SetStdHandle
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
HeapSize
DecodePointer
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
DeleteFileW
GetTimeZoneInformation
GetCurrentThreadId
Sleep
WaitForSingleObjectEx
QueryPerformanceFrequency
QueryPerformanceCounter
FreeLibrary
GetProcessHeap
GetProcAddress
HeapAlloc
SetLastError
HeapFree
lstrcmpiW
CloseHandle
CreateFileA
IsDebuggerPresent
DeviceIoControl

advapi32

CryptAcquireContextW
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptReleaseContext

ws2_32

gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
htons
socket
setsockopt
ntohs
WSASetLastError
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAIoctl

wldap32

ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord73
ord216
ord145
ord219
ord46
ord14

crypt32

CryptQueryObject
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertGetCertificateChain
CertOpenStore
CertCloseStore

Sections

.text
Size: 631KB - Virtual size: 631KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0a6293991c65f12bff07e54c871d60d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

wldap32

crypt32

Sections

.text Size: 631KB - Virtual size: 631KB

.rdata Size: 142KB - Virtual size: 141KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 631KB - Virtual size: 631KB

.rdata
Size: 142KB - Virtual size: 141KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 30KB - Virtual size: 29KB