e227246cbebf72eb2867ef21b1b103ec07ddd87f4f8a5ac89a47536d5b831f6d[.]bin[.]sample[.]gz

Resubmissions

20/01/2023, 16:10

230120-tmdb9aag6z 3

19/01/2023, 17:49

230119-wd693sgg57 3

10/01/2023, 19:34

230110-yakm1shc74 3

Sharing

Copy URL Twitter E-mail

General

Target

e227246cbebf72eb2867ef21b1b103ec07ddd87f4f8a5ac89a47536d5b831f6d.bin.sample.gz
Size

129KB
MD5

57c6721925b14d16c8f0813142c080c3
SHA1

5ad31be9fff65a2fab7ca3f5a5881efb798e849c
SHA256

3880dd05fa47ed47f351130867f3064cda0c83f7fb263b2b5f44dafad6266523
SHA512

f9cd03c2a66b8234f72ec1b9020598aa4eb7b2fe42a0adc5a96271dd48870a74e37a05f0578bb8ade1dcbcbb4a32786d78221c68661d3f8d21b6c774f7c59dc7
SSDEEP

3072:2JfgSJE91k+dltAOOPzGiW7fG+ATQBzm+:2RwfnAkdm+

Score

N/A

Malware Config

Signatures

Files

e227246cbebf72eb2867ef21b1b103ec07ddd87f4f8a5ac89a47536d5b831f6d.bin.sample.gz
.gz
sample
.exe windows x86

d4188567c97401d9985cb3af99aa9522

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
GetEnvironmentVariableW
GetTempPathW
lstrlenA
FindClose
CreateFileW
lstrcmpA
GetPrivateProfileSectionNamesW
MultiByteToWideChar
GetPrivateProfileStringW
Sleep
GetLastError
GetFileAttributesExW
lstrcatW
DeleteFileW
HeapReAlloc
CloseHandle
GetNativeSystemInfo
GetSystemInfo
LoadLibraryW
CreateThread
HeapAlloc
GetLocalTime
GetProcAddress
LocalFree
GetFileSize
lstrcpynA
FindVolumeClose
GetProcessHeap
GetModuleHandleW
FreeLibrary
CopyFileW
WideCharToMultiByte
lstrcpyW
GetDynamicTimeZoneInformation
FindNextVolumeW
lstrcmpiW
lstrcmpW
WriteConsoleW
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
GetConsoleMode
HeapSize
SetStdHandle
GetUserDefaultUILanguage
GetUserDefaultLocaleName
GetModuleFileNameW
GetPrivateProfileIntW
ExpandEnvironmentStringsW
lstrcpynW
WriteFile
lstrlenW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetFileType
FindNextFileW
HeapFree
FindFirstVolumeW
FindFirstFileW
GetVolumeInformationW
lstrcmpiA
ReadFile
DecodePointer
GetStringTypeW
GetACP
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetStdHandle
RaiseException
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

TranslateMessage
DispatchMessageW
RegisterClassExW
CreateWindowExW
DestroyWindow
PostMessageW
DefWindowProcW
GetMessageW

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
CredFree
CredEnumerateW
CredReadW
RegQueryValueExW

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VariantInit
SysAllocString

winhttp

WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpConnect
WinHttpQueryDataAvailable

crypt32

CryptDecodeObjectEx
CryptStringToBinaryA
CryptBinaryToStringA
CryptUnprotectData
CryptStringToBinaryW

shlwapi

StrRChrIW
PathStripToRootW
StrCmpNIW
PathCombineW
PathFindFileNameW
PathRemoveFileSpecW
PathRemoveExtensionW
StrStrIA
StrStrIW
PathFileExistsW
StrStrW
UrlGetPartW
PathFindExtensionW
StrToIntA
StrStrA
PathAppendW
StrStrNIW
StrRChrIA
PathAddExtensionW

bcrypt

BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptGenerateSymmetricKey
BCryptDeriveKeyPBKDF2
BCryptEncrypt
BCryptDestroyKey
BCryptSetProperty
BCryptCreateHash
BCryptFinishHash
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptDeriveKeyCapi
BCryptDecrypt
BCryptGetProperty

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

d4188567c97401d9985cb3af99aa9522

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

winhttp

crypt32

shlwapi

bcrypt

Sections

.text Size: 190KB - Virtual size: 189KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 9KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 190KB - Virtual size: 189KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 9KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 6KB