40078c35de1366488d7c3dc761008cd4[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

40078c35de1366488d7c3dc761008cd4.bin
Size

1.4MB
MD5

8224fb24bf2cebc822ebbbd41b1f047c
SHA1

ff24fb8e6f7fae4e53934cf05c2229de962806f7
SHA256

e7c273ea825672eb76ae0119ff01e1b08685be1d635385b584c902a3227d87d9
SHA512

2b64be7cd156350951571526dda3159c23c5416c9c0021bfd3c8794c87a0b5baea6a2c76b6042c1ac324fa0411755ff061cb42a94346cfd4acabcf7bd8e7c503
SSDEEP

24576:pffO5wQx7jlU7hwlG5wrk+s5EUPsCtVlWqMWJZemIga3drbxHuZv28meyn1+gI8:t25wQx1U7hwlIwrkj5EUkcVIqxQcUrbP

Score

1^/10

Malware Config

Signatures

Files

40078c35de1366488d7c3dc761008cd4.bin
.zip

Password: infected
612c6c45d6e675b11751fedb3a11d7674fa381cda1921ec852073464c3d5ba20.bin
.exe windows x86

Password: infected

47892d24b78f346f4fc0145a2abd0613

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetDevCaps
timeBeginPeriod
timeEndPeriod
mciSendCommandA
waveOutGetDevCapsA
waveOutGetNumDevs
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetDevCapsA
waveInGetNumDevs
waveInReset
waveInClose
waveInOpen
waveInStart
timeGetTime

kernel32

LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateEventA
CreateThread
SetThreadPriority
WaitForSingleObject
CloseHandle
GetSystemTime
WideCharToMultiByte
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
CompareStringW
DeleteCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
SetHandleCount
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
TlsGetValue
InitializeCriticalSection
CreateDirectoryA
GetLocalTime
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
TlsSetValue
TlsFree
GetUserDefaultLangID
GetVersionExA
GetFullPathNameA
CompareStringA
GetLocaleInfoA
SetLastError
TlsAlloc
HeapSize
GetCPInfo
LCMapStringW
LCMapStringA
RaiseException
RtlUnwind
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetTimeZoneInformation
GetDriveTypeA
HeapReAlloc
HeapAlloc
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetStartupInfoA
HeapFree
GlobalFree
GlobalAlloc
VirtualLock
OpenFile
GetSystemDirectoryA
GetWindowsDirectoryA
ResetEvent
DeviceIoControl
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
IsBadCodePtr
IsBadReadPtr
GetOEMCP
GetACP
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetCurrentDirectoryA
SetUnhandledExceptionFilter
SetStdHandle
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetTempPathA
TerminateThread
GetTickCount
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetFileSize
GetCurrentThreadId
FlushFileBuffers
WriteFile
CreateFileA
GetOverlappedResult
SetFilePointer
GetLastError
ReadFile
MultiByteToWideChar
ExitProcess

user32

MessageBoxA
PeekMessageA
TranslateMessage
DispatchMessageA
LoadCursorA
PostQuitMessage
SetCursor
DefWindowProcA
LoadImageA
DialogBoxParamA
CharLowerBuffA
LoadIconA
EndDialog
SendMessageA
GetDlgItem
EnableWindow
SendDlgItemMessageA
WaitMessage
ToUnicode
ShowCursor
GetKeyState
SetWindowsHookExA
GetKeyboardLayout
UnhookWindowsHookEx
CallNextHookEx
GetForegroundWindow
ToAscii
GetSystemMetrics
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
SetFocus
GetClassNameA
DestroyWindow
UnregisterClassA
GetWindowRect
GetTitleBarInfo
SendDlgItemMessageW

gdi32

DeleteObject
GetStockObject

advapi32

RegCreateKeyExA
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitializeEx
CoInitialize
CoCreateInstance
CLSIDFromString

ws2_32

WSAResetEvent
WSACleanup
WSAAsyncGetHostByName
WSACancelAsyncRequest
socket
ioctlsocket
setsockopt
bind
connect
WSAGetLastError
listen
send
recv
ntohs
ntohl
inet_ntoa
__WSAFDIsSet
WSAStringToAddressA
gethostname
htons
htonl
gethostbyname
inet_addr
WSAGetOverlappedResult
WSAWaitForMultipleEvents
WSARecvFrom
WSASendTo
sendto
WSACloseEvent
WSACreateEvent
getsockname
getsockopt
select
closesocket
recvfrom
WSAStartup

d3d9

Direct3DCreate9

d3dx9_30

D3DXLoadSurfaceFromMemory
D3DXSaveSurfaceToFileA
D3DXCreateEffect

iphlpapi

GetAdaptersInfo

msacm32

acmStreamSize
acmFormatSuggest
acmStreamClose
acmStreamUnprepareHeader
acmStreamConvert
acmStreamPrepareHeader
acmStreamOpen

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TORQ_CX_
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WILK_DX_
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

47892d24b78f346f4fc0145a2abd0613

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

d3d9

d3dx9_30

iphlpapi

msacm32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 188KB - Virtual size: 184KB

.data Size: 116KB - Virtual size: 2.5MB

.tls Size: 4KB - Virtual size: 9B

TORQ_CX_ Size: 16KB - Virtual size: 12KB

WILK_DX_ Size: 4KB - Virtual size: 160B

.rsrc Size: 80KB - Virtual size: 76KB

.reloc Size: 136KB - Virtual size: 134KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 188KB - Virtual size: 184KB

.data
Size: 116KB - Virtual size: 2.5MB

.tls
Size: 4KB - Virtual size: 9B

TORQ_CX_
Size: 16KB - Virtual size: 12KB

WILK_DX_
Size: 4KB - Virtual size: 160B

.rsrc
Size: 80KB - Virtual size: 76KB

.reloc
Size: 136KB - Virtual size: 134KB