900f2e1afb94aacc1c442d9014bea32e[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

900f2e1afb94aacc1c442d9014bea32e.bin
Size

155KB
MD5

e0aa4bf3fa97420cb9ae8c5d78eb5743
SHA1

a441181ca1945e6a7548bdb53e811d8ae69dbedc
SHA256

d2e3fa8b873c856f07965ea16b3e8218a128eab61e4937077c25c4a8555c53af
SHA512

ac16944f96a3b54851596aa026ac8efc4339b4f6cef26687051ef58062584ce7d0dc37c165ed9253c0374a5f3b748312822c42243d9669271701fdfc764cd81e
SSDEEP

3072:ySe9/L8LJSY9rlR6QT3bvuohxaPEue3CA3+pQ9Pyc4ZmJrw:vDRrCQbbvuohgFMtxem5w

Score

1^/10

Malware Config

Signatures

Files

900f2e1afb94aacc1c442d9014bea32e.bin
.zip

Password: infected
2c41f943338e180561280cc544d5462de702db0816bc26c83ce64cf40523ecdb.exe
.exe windows x86

Password: infected

ae913bb19a4c98bab8f1fc3d92714e7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
GetModuleFileNameA
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
FlushViewOfFile
OpenFileMappingW
GetModuleHandleW
LoadLibraryA
FreeLibrary
GetFileAttributesW
DeleteFileW
OpenProcess
VirtualProtect
GetCommandLineW
CreateProcessW
VirtualFree
ExitProcess
InitializeCriticalSectionAndSpinCount
TerminateProcess
RaiseException
DecodePointer
SetFileAttributesW
IsBadReadPtr
WideCharToMultiByte
LocalFree
CreateMutexW
ReleaseMutex
MultiByteToWideChar
GetComputerNameW
GetVersionExW
GetModuleHandleA
GetVolumeInformationW
CreateThread
GetNativeSystemInfo
SetLastError
VirtualAlloc
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetDriveTypeW
GetLogicalDriveStringsW
GetTickCount
ProcessIdToSessionId
GetStdHandle
DisableThreadLibraryCalls
CreateEventW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LeaveCriticalSection
Sleep
GetSystemTimeAsFileTime
WaitForSingleObject
OutputDebugStringW
lstrcatA
GetTempPathW
lstrlenW
GetModuleFileNameW
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
GetTempFileNameW
ReadFile
WriteFile
SetFilePointer
GetFileSize
CreateFileMappingW
GetFileSizeEx
CreateFileW
UnmapViewOfFile
MapViewOfFile
lstrcpynW
CloseHandle
CreateToolhelp32Snapshot
lstrcmpiW
Process32NextW
GetSystemInfo
Process32FirstW
SetErrorMode
CheckRemoteDebuggerPresent
GetProcAddress
LoadLibraryW
GetCurrentThread
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileType
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetModuleHandleExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetCommandLineA
GetTimeZoneInformation
LoadLibraryExW
GetDiskFreeSpaceExW
GetCurrentProcess
GetThreadContext
GlobalMemoryStatusEx
HeapReAlloc
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetStringTypeW

user32

FindWindowW
GetSystemMetrics
wsprintfW

advapi32

CryptDeriveKey
CryptReleaseContext
AdjustTokenPrivileges
LookupPrivilegeValueW
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
CryptGetHashParam
RegOpenKeyW
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptAcquireContextW

shell32

ord680
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

oleaut32

VariantClear

iphlpapi

GetAdaptersAddresses

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses

winhttp

WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpReadData
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpQueryAuthSchemes
WinHttpSendRequest

shlwapi

StrStrIW
PathAppendW
PathFileExistsW
SHSetValueW
wvnsprintfW
SHGetValueW

urlmon

URLDownloadToCacheFileW

pdh

PdhRemoveCounter
PdhGetFormattedCounterValue
PdhOpenQueryW
PdhCloseQuery
PdhCollectQueryData
PdhAddCounterW

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

DllMain
Reg
dllstart

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ae913bb19a4c98bab8f1fc3d92714e7a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

iphlpapi

psapi

winhttp

shlwapi

urlmon

pdh

setupapi

version

Exports

Exports

Sections

.text Size: 202KB - Virtual size: 202KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 127KB - Virtual size: 137KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 202KB - Virtual size: 202KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 127KB - Virtual size: 137KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 10KB - Virtual size: 10KB