c6c4f3fd9a09db598811b5ebd5c0b3c3[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

c6c4f3fd9a09db598811b5ebd5c0b3c3.bin
Size

125KB
MD5

5dd0e4e9e9a752cb78dde26838cad65e
SHA1

f1a146cbe7337a5b2341a459e40e3bd23b0d91df
SHA256

b8a6853c36e335347548e76562fefbd7fbbeb2e8e934abfcd81787cf78a68715
SHA512

6798e0e7a49dbdbcd3875f4274c3aa9e641c328676b866d7f4529019c3a8b073620f2715f019dbbf7cf2436963aca80d847b1bb78f20ceb47fe72bcaa0fdddcf
SSDEEP

1536:NhdDzdcRKd5Kq2sClJgsOI8Z28HS9wxH0Y2QUZ3QINEpIKMD2yrcvtMyjH8Ic2KU:/dDKq2fKZ287H01DEW3rctMmHRc2jHky

Score

1^/10

Malware Config

Signatures

Files

c6c4f3fd9a09db598811b5ebd5c0b3c3.bin
.zip

Password: infected
b108763f9ea5eeaca59513676fd75ab96d4b0a88be9aceaab661dc60a0d780ac.exe
.exe windows x86

Password: infected

4ef1de9e4f4501143bde600f97030826

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrW
SHEnumKeyExA
PathIsFileSpecA

kernel32

GetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
VirtualAlloc
lstrcmpW
lstrcmpiW
lstrcpynW
lstrcpyW
lstrcatW
WritePrivateProfileStringW
GetConsoleWindow
SetEndOfFile
GetFileSizeEx
HeapReAlloc
HeapSize
GetConsoleCP
FlushFileBuffers
CreateFileW
SetConsoleCtrlHandler
LCMapStringW
CloseHandle
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
OutputDebugStringW
GetFileType
SetFilePointerEx
DeleteFileW
WriteConsoleW
EncodePointer
DecodePointer
CompareStringW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ReadFile
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetCurrentThread
GetConsoleMode
ReadConsoleW

ws2_32

WSAEnumProtocolsW
getservbyport
WSAAddressToStringA
WSAGetQOSByName
WSAAsyncGetServByName
WPUCompleteOverlappedRequest
WSAWaitForMultipleEvents
WSALookupServiceNextW

msacm32

acmMessage32
acmDriverOpen
acmFilterEnumA
acmFormatSuggest
acmFilterTagEnumW
acmFormatTagEnumW
acmFormatTagDetailsA

wsnmp32

ord204
ord203
ord300
ord201
ord205

rtutils

TracePutsExA
TraceDumpExW
MprSetupProtocolFree
TracePrintfA
MprSetupProtocolEnum
RouterLogEventDataW
RouterLogRegisterA

user32

ShowWindow

advapi32

RegOpenKeyW
RegCloseKey
GetTokenInformation
OpenProcessToken
RegQueryValueExW

Sections

.text
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4ef1de9e4f4501143bde600f97030826

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

ws2_32

msacm32

wsnmp32

rtutils

user32

advapi32

Sections

.text Size: 215KB - Virtual size: 215KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 7KB

.gfids Size: 512B - Virtual size: 360B

.text
Size: 215KB - Virtual size: 215KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 7KB

.gfids
Size: 512B - Virtual size: 360B