7ecba2d73270388f9ac69ab36aad8351[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

7ecba2d73270388f9ac69ab36aad8351.bin
Size

317KB
MD5

ad947450a621b9f25481bd9d43abe450
SHA1

2a073cdac27357068069646790a79a6a09c9ddec
SHA256

149416c734bf90431abdcc6ffafd5cbcfff661ead72e486daba5912616ee9cbe
SHA512

76d2a659490de7ae9f9cfee8043db54418b37c4623650c603882fd06f28434b077bd811664383314f294538b73cd2981481767036c483d3745a442f06f4a80f0
SSDEEP

6144:vBrjPYWFlBKV6d/6+0WRygav7nx1E3zdJXHUYXRQjE8Hp+CtzQA5:hjPYIlu6di7yyvnx1E3zdpUYXRQjR+CV

Score

1^/10

Malware Config

Signatures

Files

7ecba2d73270388f9ac69ab36aad8351.bin
.zip

Password: infected
217ff786e98d8763294e360042af0717011ab7d017d2150f47250dc1fb0b7790.exe
.exe windows x64

Password: infected

a0ad82b564665412272991ba09f43857

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
TraceEvent
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
FindResourceW
RegisterApplicationRestart
HeapSetInformation
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
EnterCriticalSection
MultiByteToWideChar
LeaveCriticalSection
MulDiv
GetUserDefaultUILanguage
GetLocaleInfoW
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
ExpandEnvironmentStringsW
GetLastError
GetLocaleInfoEx
Sleep
SetLastError
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException

gdi32

CreatePen
SetBkMode
SetBkColor
CreateFontIndirectW
GetTextMetricsW
GetTextExtentPoint32W
GetDeviceCaps
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteObject
DeleteDC
Rectangle
GetStockObject
SetDCPenColor
SetTextColor
CreateDIBSection
GdiAlphaBlend
GetDIBits
SetDIBits
CreateSolidBrush

user32

UnionRect
SetTimer
GetWindowRect
FillRect
LoadImageW
DrawTextW
KillTimer
UnregisterClassA
ord2560
ScreenToClient
SetForegroundWindow
MessageBoxW
PostQuitMessage
SendDlgItemMessageW
GetClientRect
CopyImage
DrawTextExW
LoadIconW
SetClassLongPtrW
SystemParametersInfoW
SetDlgItemTextW
EnableWindow
MoveWindow
SetRectEmpty
PtInRect
InflateRect
GetDlgItem
GetDC
ReleaseDC
SendMessageW
SetWindowLongPtrW
SetWindowLongW
GetParent
ShowWindow
GetSysColor
CreateWindowExW
DestroyWindow
PostMessageW
BeginPaint
IsWindowVisible
EndPaint
InvalidateRect
GetWindowLongW
OffsetRect
CopyRect
GetDlgItemTextW
SetRect
GetWindowLongPtrW
CallWindowProcW
GetPointerInfo
GetPointerInfoHistory
CharNextW
FlashWindowEx
GetCaretBlinkTime
LoadStringW
FindWindowW

msvcrt

_wcmdln
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_errno
realloc
_lock
_initterm
__dllonexit
_onexit
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
__CxxFrameHandler3
_CxxThrowException
atan2
memcpy
__C_specific_handler
memset
memcpy_s
wcsncpy_s
??_U@YAPEAX_K@Z
??2@YAPEAX_K@Z
malloc
_purecall
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
_unlock
sqrt
free

ntdll

WinSqmIsOptedIn
WinSqmIncrementDWORD
RtlVirtualUnwind
RtlLookupFunctionEntry
EtwTraceMessage
RtlCaptureContext

gdiplus

GdipBitmapLockBits
GdiplusShutdown
GdipBitmapUnlockBits
GdipGetImageHeight
GdipGetImageWidth
GdipImageRotateFlip
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdiplusStartup
GdipCreateBitmapFromStream

comctl32

CreatePropertySheetPageW
PropertySheetW

shlwapi

PathFileExistsW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize

oleaut32

VarUI4FromStr

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 671KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a0ad82b564665412272991ba09f43857

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

gdiplus

comctl32

shlwapi

shell32

ole32

oleaut32

Sections

.text Size: 101KB - Virtual size: 100KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 671KB - Virtual size: 671KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 101KB - Virtual size: 100KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 671KB - Virtual size: 671KB

.reloc
Size: 2KB - Virtual size: 2KB