b368b4f8ba0c292896547adf2a35f967[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

b368b4f8ba0c292896547adf2a35f967.bin
Size

607KB
MD5

0d868ac59b9c7371065b1e1545cffa02
SHA1

496ea58690ecca5c7fb97359db017834726519bf
SHA256

fcf88a2b9594d620646487b80ebae20377406fb9e9754b430ae39f768ec1e536
SHA512

a4a8ea1ecb3bc44a4a13e7d1afcfc40c52e1677f54d42dae70955373c997be4371153bf2c84344be9cbc590e91752e660b4ff3415e8c0c3b7518badc88caf9a1
SSDEEP

12288:Np/z3/b+kQv8bpLbg3dBT0NEoGtilsuusWBJB2Ods9/+dDpnaxJFmXkPMi3:Lrb+kyBdt0e5T/M+d5Ri3

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/2e11a21dab7ad117856ecb9f80cdb22241bf6b4a0f231e05483bdddf997fbae5.exe	Nirsoft

Files

b368b4f8ba0c292896547adf2a35f967.bin
.zip

Password: infected
2e11a21dab7ad117856ecb9f80cdb22241bf6b4a0f231e05483bdddf997fbae5.exe
.exe windows x86

Password: infected

755b26ee88bff31382938e00e4a0bfa6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetConsoleWindow

wsnmp32

ord106
ord999
ord220
ord300

msacm32

acmFormatEnumW
acmDriverRemove
acmDriverClose
acmDriverPriority

resutils

ResUtilGetResourceNameDependency
ResUtilIsPathValid
ResUtilGetPropertiesToParameterBlock
ResUtilSetBinaryValue
ResUtilResourcesEqual
ClusWorkerTerminate
ResUtilVerifyPropertyTable

shlwapi

ChrCmpIA
ord10
PathIsRelativeA
SHGetValueW
PathRemoveBlanksW

winspool.drv

EnumPrinterDriversA
ord208
StartDocDlgA
ord206
ord207
SetJobW
DeleteMonitorW

rtm

MgmGetFirstMfe
RtmBlockConvertRoutesToStatic
RtmDeleteRoute
RtmCloseEnumerationHandle
MgmTakeInterfaceOwnership
RtmRegisterClient

mpr

WNetConnectionDialog1A
WNetGetNetworkInformationA

user32

GetKeyboardLayoutNameW
OemKeyScan
SetClipboardData
DrawMenuBar
ShowWindow
UserHandleGrantAccess

gdi32

GetFontUnicodeRanges

comctl32

ord328

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 524KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

755b26ee88bff31382938e00e4a0bfa6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsnmp32

msacm32

resutils

shlwapi

winspool.drv

rtm

mpr

user32

gdi32

comctl32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 768B

.rsrc Size: 524KB - Virtual size: 524KB

.reloc Size: 512B - Virtual size: 148B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 768B

.rsrc
Size: 524KB - Virtual size: 524KB

.reloc
Size: 512B - Virtual size: 148B