f553ea019b79742eabcbacd387231623[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

f553ea019b79742eabcbacd387231623.bin
Size

2.0MB
MD5

f553ea019b79742eabcbacd387231623
SHA1

970babe49945b98efada72b2314b25a008f75843
SHA256

174a62201c7e2af67b7ad37bf7935f064a379f169cf257ca16e912a46ecc9841
SHA512

f8bdf34cdb84505d03c4162f929572fdee70121fd935052481b932f2052e42953cafc26fa3f05678215abbf27dc7febafe6b4fc69538cb82f8f72b359b659bce
SSDEEP

49152:MNk0f0TEwRoYAxBI6mPPusyr32BrqhrQqsXhqdDsvlVSGkItBaL:H0f0wwO4us9WFQqsOovlVSUt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f553ea019b79742eabcbacd387231623.bin

Files

f553ea019b79742eabcbacd387231623.bin
.dll windows x86

e30e3de94344ec3a93f8d9a2e2b0e980

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
LoadLibraryW
GetProcAddress
CreateDirectoryW
ReadFile
WriteFile
GetModuleFileNameW
WaitForSingleObject
CreateFileW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
DeleteFileW
Process32FirstW
CloseHandle
CopyFileW
GetTempFileNameW
CreateProcessA
GetPrivateProfileStringA
VirtualQuery
OutputDebugStringW
GetTempPathA
GetTempFileNameA
InitializeCriticalSection
SetFilePointer
CreateMutexW
GetVersionExW
CreateEventW
Sleep
SetEvent
CreateThread
ResetEvent
GetWindowsDirectoryW
GetFileSize
MultiByteToWideChar
FindFirstFileW
FindClose
UnmapViewOfFile
CreateFileMappingA
FreeLibrary
MapViewOfFile
FindNextFileW
GetPrivateProfileStringW
lstrcmpiW
GetFileInformationByHandle
FileTimeToSystemTime
GetLocalTime
SystemTimeToFileTime
CreateFileMappingW
GetTickCount
SetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitOnceExecuteOnce
TlsAlloc
TlsGetValue
TlsSetValue
CopyFileA
CreateFileA
LoadLibraryA
FlushFileBuffers
QueryPerformanceCounter
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
GetCurrentProcessId
LockFileEx
UnlockFile
HeapCompact
GetSystemInfo
WaitForSingleObjectEx
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
HeapValidate
GetFileAttributesW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
GetEnvironmentVariableA
SetFileTime
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
SetFileAttributesW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetShortPathNameW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
WideCharToMultiByte
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetCurrentDirectoryW
GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileSizeEx
GetStdHandle
SetCurrentDirectoryA
LocalFree
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsFree
GetModuleHandleW
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetFileType
PeekNamedPipe
ExitProcess
WriteConsoleW

user32

GetDesktopWindow
wsprintfW

advapi32

RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegQueryValueExA
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
OpenProcessToken
RegCloseKey

shell32

SHCreateDirectoryExW

ole32

CoInitialize
CoTaskMemFree
CLSIDFromString
CoCreateInstance

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFileExistsA
PathFileExistsW
StrCmpW
PathAddExtensionW
PathAppendW
PathAppendA

crypt32

CryptUnprotectData

userenv

ExpandEnvironmentStringsForUserW

Exports

Exports

LinkStart
ModuleStart
ModuleStart64
_LinkStart@16
sqlite3_carray_init
sqlite3_csv_init
sqlite3_fileio_init
sqlite3_series_init
sqlite3_shathree_init

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e30e3de94344ec3a93f8d9a2e2b0e980

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

crypt32

userenv

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 528KB - Virtual size: 528KB

.data Size: 25KB - Virtual size: 68KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 528KB - Virtual size: 528KB

.data
Size: 25KB - Virtual size: 68KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 56KB - Virtual size: 55KB