098d65390f8f45211a95a197eade4924[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

098d65390f8f45211a95a197eade4924.bin
Size

2.3MB
MD5

07340842c9081fe44f40384104d797c2
SHA1

330e1620aecc8de595a44ded26f9423c8cd138f6
SHA256

9b6d344daa7bb4bbcbb44a31e29b5114cb5ddc4cb353728c02034236c4a3d4cb
SHA512

498d91c00a5e3ebce348bc1fd285c32a285d635a81df40ffffb16542a1318ae914307cbcca31ee4b08ffadd081dd3d863ef077ceff67e059cb28e1e2926c7877
SSDEEP

49152:+XzXVWtJ2Sjz8hDFu0lUHfXM7F6QTUSmxbh/Ocsg0g8DhsPcT7HNy:+XQtwSjz8hDFlmSuh/psg0zDhsEfty

Score

1^/10

Malware Config

Signatures

Files

098d65390f8f45211a95a197eade4924.bin
.zip

Password: infected
9d66a5cefbcd4bdc4719a279ce6734c6d7a179533304d9c6838a3e9f3dad6974.dll
.dll windows x86

Password: infected

f00136899a62e795e9776b6db07e3031

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
GetSystemInfo
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
ReadFile
GetOverlappedResult
WriteFile
SleepConditionVariableSRW
AcquireSRWLockShared
ReleaseSRWLockShared
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetFileSize
LockFileEx
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapFree
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
TryAcquireSRWLockExclusive
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DisableThreadLibraryCalls
InitializeSListHead
TlsSetValue
TlsGetValue
IsDebuggerPresent
GetFileInformationByHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetLastError
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
CloseHandle
DuplicateHandle
SetFilePointerEx
CreateDirectoryW
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceFrequency
TlsFree
CreateMutexA
GetModuleHandleA
FindNextFileW
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW
CopyFileExW
CreateEventW
CancelIo
GetConsoleMode
InitOnceComplete
GetModuleHandleW
GetModuleFileNameW
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
WriteConsoleW
CreateThread
InitOnceBeginInitialize
TlsAlloc

crypt32

CryptUnprotectData
CertEnumCertificatesInStore
CertOpenStore
CertDuplicateCertificateChain
CertCloseStore
CertFreeCertificateChain
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertAddCertificateContextToStore

ws2_32

WSASend
send
recv
shutdown
getsockopt
ioctlsocket
setsockopt
bind
WSASocketW
getpeername
getsockname
WSAGetLastError
WSAStartup
WSACleanup
connect
freeaddrinfo
closesocket
WSAIoctl
getaddrinfo

advapi32

SystemFunction036
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

secur32

AcquireCredentialsHandleA
ApplyControlToken
DeleteSecurityContext
FreeCredentialsHandle
QueryContextAttributesW
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
DecryptMessage
EncryptMessage

ntdll

RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile
NtDeviceIoControlFile

bcrypt

BCryptGenRandom

oleaut32

SysFreeString
SafeArrayAccessData
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayUnaccessData
SysAllocStringLen
VariantClear
SafeArrayGetUBound

ole32

CoInitializeEx
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket

vcruntime140

memset
__std_type_info_destroy_list
memcpy
__CxxFrameHandler3
memmove
_CxxThrowException
strrchr
memcmp
_except_handler4_common

api-ms-win-crt-math-l1-1-0

_libm_sse2_log_precise

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc
_msize

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strcspn
strncmp
strlen

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_onexit_table
_execute_onexit_table
_cexit
_initterm_e
_beginthreadex
_configure_narrow_argv
_initialize_narrow_environment
_endthreadex
_initterm

Exports

Exports

steal_browser
steal_information

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f00136899a62e795e9776b6db07e3031

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

ws2_32

advapi32

secur32

ntdll

bcrypt

oleaut32

ole32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 21KB - Virtual size: 23KB

.reloc Size: 141KB - Virtual size: 140KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 21KB - Virtual size: 23KB

.reloc
Size: 141KB - Virtual size: 140KB