64e6755200ffb84b5fcb8bb2729eef9d[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

64e6755200ffb84b5fcb8bb2729eef9d.bin
Size

662KB
MD5

64e6755200ffb84b5fcb8bb2729eef9d
SHA1

a5f838c04854806442d8e8b6d44deaa4afdbb2bb
SHA256

30574abb4af368912a1f928fe67427bf3e678a205169516d7590f28d0b4bb286
SHA512

4f1bf9ceb7c8d628f1dbbe1f30ab17f35ece5b16c606561e57a1965c1bfcd831ae89fac465ec6c127cdde4ab0d72f917c969dfe298d7ad8071821a3384b8640b
SSDEEP

12288:E1sUfFmzjaU8u98L2Z6NPwWDdNppv+7a5fqKeSQuJPQnVuRiq4Szd:rUX/DdNppgFSAnVktB

Score

1^/10

Malware Config

Signatures

Files

64e6755200ffb84b5fcb8bb2729eef9d.bin
.exe windows x86

40c328e3f89a0ba2bdf287669550f3ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetModuleHandleA
GetCommandLineA
MultiByteToWideChar
SetEvent
GetProcAddress
GetModuleHandleW
CreateEventA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
LeaveCriticalSection
GetEnvironmentStringsW
GetCommandLineW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetCurrentThread
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
EnterCriticalSection
SetLastError
GetModuleFileNameA
GetTickCount
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
CreateThread
RaiseException
CloseHandle
HeapReAlloc
GetLastError
Sleep
GetExitCodeThread
HeapSize
InitializeCriticalSectionEx
WaitForMultipleObjects
HeapFree
lstrlenW
WriteProcessMemory
WriteFile
WriteConsoleW
Wow64GetThreadContext
WideCharToMultiByte
WakeAllConditionVariable
WaitNamedPipeW
WaitForSingleObjectEx
UnmapViewOfFile
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
UnregisterWaitEx
FreeEnvironmentStringsW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
OutputDebugStringA
GetACP
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GetSystemInfo
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventW
CreateFileW

user32

SetDlgItemTextA
UnregisterClassA
MessageBoxA
GetWindowLongA
MapWindowPoints
GetDlgItemInt
GetClientRect
GetParent
GetMonitorInfoA
PostThreadMessageA
SetWindowLongA
CharNextA
GetMessageA
DispatchMessageA
DialogBoxParamA
GetActiveWindow
MonitorFromWindow
CharNextW
TranslateMessage
CharUpperA
GetWindow
GetWindowRect
SetWindowPos
EndDialog

advapi32

OpenProcessToken
RegDeleteKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDisablePredefinedCache
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
MapGenericMask
LookupPrivilegeValueW
IsValidSid
InitializeSid
ImpersonateNamedPipeClient
ImpersonateLoggedOnUser
GetTokenInformation
GetSidSubAuthority
GetSecurityInfo
GetSecurityDescriptorSacl
GetNamedSecurityInfoW
GetLengthSid
GetKernelObjectSecurity
GetAce
FreeSid
EventWrite
EventUnregister
EventRegister
EqualSid
DuplicateTokenEx
DuplicateToken
CreateWellKnownSid
CreateRestrictedToken
CreateProcessAsUserW
CopySid
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
AccessCheck

shell32

CommandLineToArgvW
SHGetKnownFolderPath
SHGetFolderPathW

ole32

CoRevokeClassObject
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoAddRefServerProcess
CoReleaseServerProcess
StringFromGUID2
CoUninitialize
CoRegisterClassObject
CoResumeClassObjects
CoInitializeEx

oleaut32

LoadTypeLi
RegisterTypeLi
SysAllocString
UnRegisterTypeLi
SafeArrayDestroy
VariantInit
SysFreeString
VariantClear
SysStringLen

Sections

.text
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 298KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40c328e3f89a0ba2bdf287669550f3ba

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 293KB - Virtual size: 293KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 298KB - Virtual size: 302KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 293KB - Virtual size: 293KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 298KB - Virtual size: 302KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 11KB - Virtual size: 10KB