4e44af86fc6780ccc409ed9210d098ab[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

4e44af86fc6780ccc409ed9210d098ab.bin
Size

480KB
MD5

4e44af86fc6780ccc409ed9210d098ab
SHA1

de75375da1835883488177c1e0a3549391185351
SHA256

f079cb2f1e6ff79d3a755069ac42e6a6f6c86d4729110dc7b27610d135d9d5a3
SHA512

0c56f3eeebb49508eb0136a10c689908bae3ef9773db73d3f4e249b6ef6ae16fd42abe8e4e2968a20b34cd3f2523ed233772e7710b7151edab07ead20446ef12
SSDEEP

12288:BVSmkJdzeup9ZIS+S88rdykn1vQk6lOH:B4mkz6UD+j8rdy214kl

Score

1^/10

Malware Config

Signatures

Files

4e44af86fc6780ccc409ed9210d098ab.bin
.exe windows x86

a65a30f32dc646b104bf92505af642ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
VirtualProtect
GetCurrentProcess
VirtualAlloc
lstrlenA
CreateMutexA
GetModuleHandleA
OpenProcess
Sleep
OpenMutexA
CreateFileA
LoadLibraryA
CloseHandle
GetModuleFileNameA
FreeConsole
LoadLibraryW
HeapAlloc
K32EnumProcesses
GetProcAddress
ReadProcessMemory
GetProcessHeap
FreeLibrary
K32EnumProcessModules
GetSystemTime
GetTickCount
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
K32GetModuleBaseNameA
ReadFile
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
LCMapStringEx
MultiByteToWideChar
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
InitializeSListHead

advapi32

GetUserNameA

ucrtbase

_chdir
localeconv
strlen
free
frexp
_invalid_parameter_noinfo_noreturn
_lock_locales
_unlock_locales
__acrt_iob_func
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
strcspn
_lock_file
_unlock_file
malloc
setlocale
rand_s
__pctype_func
isupper
___lc_locale_name_func
___lc_codepage_func
_wcsdup
___mb_cur_max_func
islower
abort
__strncnt
strcmp
_callnewh
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
__setusermatherr
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_set_fmode
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_controlfp_s
fopen
abs
calloc
exit
fabs
_except_handler4_common
__current_exception_context
__current_exception
__uncaught_exceptions
_CxxThrowException
strstr
__std_terminate
memset
_purecall
__std_exception_copy
memcpy
memmove
__std_exception_destroy
__CxxFrameHandler3
__stdio_common_vsprintf_s
ungetc

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Qweasdz
Size: 341KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a65a30f32dc646b104bf92505af642ca

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ucrtbase

Sections

.text Size: 61KB - Virtual size: 60KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 3KB - Virtual size: 3KB

Qweasdz Size: 341KB - Virtual size: 344KB

.text
Size: 61KB - Virtual size: 60KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 3KB - Virtual size: 3KB

Qweasdz
Size: 341KB - Virtual size: 344KB