e3964adcb233264f26a70dd25772a0f5[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

e3964adcb233264f26a70dd25772a0f5.bin
Size

45KB
MD5

a28283a82f324c3d6d100b797cb2ef71
SHA1

544eb7afaef72675e9958a795b8059e62dec3d0b
SHA256

c80d8f9e9bd099a9a78a2b81516df8e6788c79f115cb3e727ef412bcbbd51657
SHA512

9f731cd472a51a04ed501555472a8064a5f2ac7b305c0a7a5bc567a1343c2a0cda9229992d5bccf02163f9ca2f2e7a0a53ac5be1ae68de7a56ca4ddbda85ef1c
SSDEEP

768:i92bnGRfs9+gUQozK8DfDeNNWQxXZel34MSjLeYnHHEkeKJ25yInc0pLo:ignGW9FFozK8sYQTel3y6EHRZ3Ibi

Score

1^/10

Malware Config

Signatures

Files

e3964adcb233264f26a70dd25772a0f5.bin
.zip

Password: infected
e5d8bd92a78f8498c5a7c48d4e36277d85243e1ad99b9d79b6c68514fff8182f.exe
.exe windows x86

Password: infected

8608a79c31eb91a63f9876736636a3f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetProperty
ImmCreateSoftKeyboard
ImmGetDescriptionA
ImmGetCandidateListA

kernel32

WriteConsoleW
GetLocaleInfoW
MultiByteToWideChar
GetDateFormatW
FileTimeToSystemTime
GetLastError
CreateFileMappingA
lstrlenW
FormatMessageW
FreeLibrary
UnmapViewOfFile
MapViewOfFile
VirtualFree
VirtualAlloc
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetFilePointerEx
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
DecodePointer
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetStringTypeW
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
RaiseException
EncodePointer
LoadLibraryExW
GetProcAddress
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
HeapFree
HeapReAlloc
CloseHandle
WriteFile
CreateFileW
CreateFileA
HeapSize
WideCharToMultiByte
LCMapStringW
HeapAlloc
SetLastError
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind

rpcrt4

NdrNonConformantStringMarshall

setupapi

SetupDiBuildClassInfoList
SetupDiGetActualSectionToInstallW
SetupDiEnumDeviceInterfaces

winmm

waveOutGetDevCapsA
waveInReset
mixerGetID

crypt32

CertNameToStrW
CertGetNameStringW
CertGetPublicKeyLength
CertGetCertificateContextProperty
CryptMsgVerifyCountersignatureEncoded
CryptHashToBeSigned
CryptFormatObject
CryptFindOIDInfo

wininet

InternetAutodial
CommitUrlCacheEntryW

shell32

SHGetSpecialFolderPathA
SHFormatDrive
SHGetSpecialFolderLocation
ShellExecuteW

mpr

MultinetGetConnectionPerformanceA
WNetCancelConnection2A
WNetCancelConnectionA
WNetGetConnectionW
WNetDisconnectDialog

user32

SendMessageW
LoadStringW

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

8608a79c31eb91a63f9876736636a3f1

Headers

DLL Characteristics

File Characteristics

Imports

imm32

kernel32

rpcrt4

setupapi

winmm

crypt32

wininet

shell32

mpr

user32

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B