3d18b9c312abaa8dd93dc0d1abfdc97e72788100fb1effb938b5f6f4fd3b59eb[.]bin[.]sample

Resubmissions

20/01/2023, 16:09

230120-tma7wsag6y 1

19/01/2023, 17:49

230119-wdzv1adf8w 1

10/01/2023, 19:16

230110-xyssvshc36 1

Sharing

Copy URL Twitter E-mail

General

Target

3d18b9c312abaa8dd93dc0d1abfdc97e72788100fb1effb938b5f6f4fd3b59eb.bin.sample
Size

237KB
MD5

f54bab2c3a40b23b68ee96214feb4c36
SHA1

23e9d53c3052202020dcb6b5994a9a652dd319bc
SHA256

3d18b9c312abaa8dd93dc0d1abfdc97e72788100fb1effb938b5f6f4fd3b59eb
SHA512

01dce12da2b4d56e24ae7ed746009cc339f29e8981c4a914a9efff891559a6b1e35fb23bb8e6d4928f049cdfe94a07cc7e712cb5f713f1e66b5a3aba6c4cebef
SSDEEP

6144:5KErhCyWWy9nuqLheVzUYbG84D9JrI+1FJ:QhYonrCzdC84fFJ

Score

N/A

Malware Config

Signatures

Files

3d18b9c312abaa8dd93dc0d1abfdc97e72788100fb1effb938b5f6f4fd3b59eb.bin.sample
.exe windows x86

d4188567c97401d9985cb3af99aa9522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
GetEnvironmentVariableW
GetTempPathW
lstrlenA
FindClose
CreateFileW
lstrcmpA
GetPrivateProfileSectionNamesW
MultiByteToWideChar
GetPrivateProfileStringW
Sleep
GetLastError
GetFileAttributesExW
lstrcatW
DeleteFileW
HeapReAlloc
CloseHandle
GetNativeSystemInfo
GetSystemInfo
LoadLibraryW
CreateThread
HeapAlloc
GetLocalTime
GetProcAddress
LocalFree
GetFileSize
lstrcpynA
FindVolumeClose
GetProcessHeap
GetModuleHandleW
FreeLibrary
CopyFileW
WideCharToMultiByte
lstrcpyW
GetDynamicTimeZoneInformation
FindNextVolumeW
lstrcmpiW
lstrcmpW
WriteConsoleW
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
GetConsoleMode
HeapSize
SetStdHandle
GetUserDefaultUILanguage
GetUserDefaultLocaleName
GetModuleFileNameW
GetPrivateProfileIntW
ExpandEnvironmentStringsW
lstrcpynW
WriteFile
lstrlenW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetFileType
FindNextFileW
HeapFree
FindFirstVolumeW
FindFirstFileW
GetVolumeInformationW
lstrcmpiA
ReadFile
DecodePointer
GetStringTypeW
GetACP
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetStdHandle
RaiseException
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

TranslateMessage
DispatchMessageW
RegisterClassExW
CreateWindowExW
DestroyWindow
PostMessageW
DefWindowProcW
GetMessageW

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
CredFree
CredEnumerateW
CredReadW
RegQueryValueExW

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VariantInit
SysAllocString

winhttp

WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpConnect
WinHttpQueryDataAvailable

crypt32

CryptDecodeObjectEx
CryptStringToBinaryA
CryptBinaryToStringA
CryptUnprotectData
CryptStringToBinaryW

shlwapi

StrRChrIW
PathStripToRootW
StrCmpNIW
PathCombineW
PathFindFileNameW
PathRemoveFileSpecW
PathRemoveExtensionW
StrStrIA
StrStrIW
PathFileExistsW
StrStrW
UrlGetPartW
PathFindExtensionW
StrToIntA
StrStrA
PathAppendW
StrStrNIW
StrRChrIA
PathAddExtensionW

bcrypt

BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptGenerateSymmetricKey
BCryptDeriveKeyPBKDF2
BCryptEncrypt
BCryptDestroyKey
BCryptSetProperty
BCryptCreateHash
BCryptFinishHash
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptDeriveKeyCapi
BCryptDecrypt
BCryptGetProperty

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

d4188567c97401d9985cb3af99aa9522

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

winhttp

crypt32

shlwapi

bcrypt

Sections

.text Size: 190KB - Virtual size: 189KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 9KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 190KB - Virtual size: 189KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 9KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 6KB