Sample_5b28b42dc036f72574b3ce4d[.]bin

Resubmissions

16/04/2023, 23:31

230416-3hqlfscd73 9

03/09/2020, 00:08

200903-czcarhcgr2 10

Sharing

Copy URL Twitter E-mail

General

Target

Sample_5b28b42dc036f72574b3ce4d.bin
Size

48KB
MD5

b81595dfa11994b17c6a6f9a69a10b39
SHA1

51298fb7a18d0cf4e817668466bf962d08fbc1be
SHA256

cac93a7d2b09a62919568fc1e2e00250dc319f425385165d474d29d176246e88
SHA512

be2b75643ba8fc37fd3f36017e7f97eef25105af72a08fdadf6dcb8c48582b590b63079a96cbd9c767231d5bd64b35a383c2ba52218fe5fa69fe33e4c0eb259c
SSDEEP

768:/eAS66pQcOMkK3B7LY/iNeRRYv/1ziXfUrUPXkEj0XobREr0NVYLNdiyH:/16pQcOszBeXkEj0Y9MUGLi

Score

1^/10

Malware Config

Signatures

Files

Sample_5b28b42dc036f72574b3ce4d.bin
.exe windows x86

fa27274b0c1362d27c40d1b2e3dd13d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

vssapi

CreateVssBackupComponentsInternal

ws2_32

WSAStartup
connect
closesocket
inet_addr
send
gethostbyname
htons
socket
recv

psapi

GetModuleFileNameExW

shlwapi

PathAddBackslashW
StrStrIW
PathRemoveExtensionA
PathIsDirectoryW
StrStrW
PathFileExistsW
StrStrA
StrCmpNA

wininet

InternetReadFile
InternetConnectA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
HttpOpenRequestA

mpr

WNetEnumResourceW
WNetAddConnection2W
WNetOpenEnumW
WNetCloseEnum

kernel32

GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReleaseMutex
CreateMutexA
WaitForMultipleObjects
CreateThread
lstrcpyW
GetSystemTime
Process32NextW
lstrcmpiA
TerminateProcess
Sleep
GetSystemDirectoryW
lstrlenA
GlobalAlloc
GlobalFree
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
GetFileSize
lstrcmpA
FindFirstFileW
SetFilePointer
lstrcpynA
WriteFile
GetUserDefaultLangID
OpenProcess
CopyFileW
GetFileAttributesW
ReadFile
GetModuleFileNameW
CreateFileW
lstrcatA
lstrcmpW
lstrlenW
GetFileSizeEx
MoveFileW
FindClose
Process32Next
lstrcmpiW
lstrcatW
FindNextFileW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
CloseHandle
GetWindowsDirectoryW
DeleteFileW
GetCurrentProcessId
lstrcpyA
ExitProcess
SystemTimeToTzSpecificLocalTime
RtlUnwind
GetLogicalDrives
GetTickCount
GetCommandLineA
GetSystemWow64DirectoryA

user32

SendMessageA
RegisterClassExA
GetMessageA
TranslateMessage
CreateWindowExA
DefWindowProcA
ShowWindow
DispatchMessageA
UpdateWindow
GetClientRect
SetWindowLongA
GetWindowLongA
wsprintfW
wsprintfA

advapi32

RegCreateKeyExW
CryptGenKey
CryptAcquireContextA
CryptReleaseContext
RegSetValueExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetKernelObjectSecurity
CryptExportKey
RegDeleteTreeA
GetTokenInformation
OpenProcessToken
CryptDestroyKey
CryptEncrypt
CryptImportKey

shell32

ShellExecuteW
ShellExecuteA
SHGetFolderPathW
SHGetFolderPathA

ole32

CoInitialize
CoCreateInstance
OleSetContainedObject
CoGetClassObject

oleaut32

VariantInit
SafeArrayCreate
SafeArrayDestroy
SafeArrayAccessData
VariantClear
SysAllocString

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

trump
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

fa27274b0c1362d27c40d1b2e3dd13d7

Headers

DLL Characteristics

File Characteristics

Imports

vssapi

ws2_32

psapi

shlwapi

wininet

mpr

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 20KB

.reloc Size: 2KB - Virtual size: 2KB

trump Size: 2KB - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 20KB

.reloc
Size: 2KB - Virtual size: 2KB

trump
Size: 2KB - Virtual size: 4KB