bd05a2e89d0fa8fc885335bb28abf82f[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

bd05a2e89d0fa8fc885335bb28abf82f.bin
Size

611KB
MD5

7dd8cbe7a0252185b051dc98134c30c2
SHA1

37a3aed8b2c79cea48e08077d042205bbaa72a8c
SHA256

3a7ae325d4b2f51c077ffb90848d9febbe9ffa2433cefbdb17218524b59780eb
SHA512

8c1abe4fa0affd0799e2711815cfd790eb8a530d523653da7a84ca811e7b015481669215a856b8bfb51c9db285d63a9f7adc2621e035f3a219ed9fa372165bc8
SSDEEP

12288:CaQLIvqMcofVFC3tgNrSQCiP+Ghtm5ArjbexOXi8I144my4L6qp:CaQECyfVFaM/nw9TmPGq

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/7908e0fbec2d187dbc950958fe7de240a20f19af75b2a5e3c864d316465e26f4.exe	Nirsoft

Files

bd05a2e89d0fa8fc885335bb28abf82f.bin
.zip

Password: infected
7908e0fbec2d187dbc950958fe7de240a20f19af75b2a5e3c864d316465e26f4.exe
.exe windows x86

Password: infected

755b26ee88bff31382938e00e4a0bfa6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetConsoleWindow

wsnmp32

ord106
ord999
ord220
ord300

msacm32

acmFormatEnumW
acmDriverRemove
acmDriverClose
acmDriverPriority

resutils

ResUtilGetResourceNameDependency
ResUtilIsPathValid
ResUtilGetPropertiesToParameterBlock
ResUtilSetBinaryValue
ResUtilResourcesEqual
ClusWorkerTerminate
ResUtilVerifyPropertyTable

shlwapi

ChrCmpIA
ord10
PathIsRelativeA
SHGetValueW
PathRemoveBlanksW

winspool.drv

EnumPrinterDriversA
ord208
StartDocDlgA
ord206
ord207
SetJobW
DeleteMonitorW

rtm

MgmGetFirstMfe
RtmBlockConvertRoutesToStatic
RtmDeleteRoute
RtmCloseEnumerationHandle
MgmTakeInterfaceOwnership
RtmRegisterClient

mpr

WNetConnectionDialog1A
WNetGetNetworkInformationA

user32

GetKeyboardLayoutNameW
OemKeyScan
SetClipboardData
DrawMenuBar
ShowWindow
UserHandleGrantAccess

gdi32

GetFontUnicodeRanges

comctl32

ord328

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 524KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

755b26ee88bff31382938e00e4a0bfa6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsnmp32

msacm32

resutils

shlwapi

winspool.drv

rtm

mpr

user32

gdi32

comctl32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 768B

.rsrc Size: 524KB - Virtual size: 524KB

.reloc Size: 512B - Virtual size: 148B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 768B

.rsrc
Size: 524KB - Virtual size: 524KB

.reloc
Size: 512B - Virtual size: 148B