4ff2bb8260dfe8307fee8282e5c8e23182741857eef72ca00f7b351bd7b7c3d1[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

4ff2bb8260dfe8307fee8282e5c8e23182741857eef72ca00f7b351bd7b7c3d1.bin
Size

4.3MB
MD5

2702c56793599778a697307b09668e78
SHA1

2ce249174a9e8f85aa85f0ff4bbbb89f3966d691
SHA256

4ff2bb8260dfe8307fee8282e5c8e23182741857eef72ca00f7b351bd7b7c3d1
SHA512

44d77c96fb2e209210a1e3857e96009818cb5b7872de96de92ca4faf7343e351d9822b746fbf0c9533b7d453a081966695f148240e3e9d0c516f710c385fa320
SSDEEP

98304:W765InN0+CQKstRTh4GnbIsvsJq9mor1:JgbNKsigvsJY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ff2bb8260dfe8307fee8282e5c8e23182741857eef72ca00f7b351bd7b7c3d1.bin

Files

4ff2bb8260dfe8307fee8282e5c8e23182741857eef72ca00f7b351bd7b7c3d1.bin
.dll windows x86

f8224f12a7ea5de3315a93567ebc2610

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisableThreadLibraryCalls
FindFirstFileA
GetComputerNameW
LocalFree
GetTempPathA
CreateDirectoryW
FindResourceW
SizeofResource
LoadResource
LockResource
lstrlenW
GetFileSize
CreateProcessW
WriteFile
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
CreateFileA
ReadFile
TerminateProcess
GetCurrentProcess
OpenProcess
DeleteFileA
GetFileAttributesA
SetFileAttributesA
Process32Next
Process32First
CreateToolhelp32Snapshot
FindNextFileW
FindFirstFileW
DeleteFileW
SetFileAttributesW
GetTempPathW
GetSystemDirectoryW
OutputDebugStringW
OutputDebugStringA
GetModuleHandleW
GetSystemInfo
CloseHandle
FindClose
Sleep
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ResumeThread
GetLastError
TerminateThread
RaiseException
MapViewOfFile
CreateFileMappingW
GetSystemTime
LockFileEx
CreateFileMappingA
UnlockFile
HeapCompact
GetVersionExA
GetProcAddress
DecodePointer
FlushViewOfFile
GetDiskFreeSpaceA
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
LockFile
GetDiskFreeSpaceW
HeapCreate
TryEnterCriticalSection
AreFileApisANSI
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetTimeZoneInformation
SetStdHandle
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetConsoleCP
ReadConsoleW
GetModuleFileNameA
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
ExitProcess
SetConsoleCtrlHandler
FindFirstFileExW
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetFileAttributesExW
GetModuleHandleExW
FreeLibraryAndExitThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
LoadLibraryW
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
MoveFileExW
GetEnvironmentVariableA
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
SetLastError
FormatMessageA
VerSetConditionMask
VerifyVersionInfoW
FindNextFileA
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindResourceExW
WritePrivateProfileStringA
CreateDirectoryA
GetFileAttributesW
DeviceIoControl
GetLocalTime
lstrcmpA
GetEnvironmentVariableW
GetPrivateProfileStringW
GetSystemDirectoryA
GetVolumeInformationA
IsBadReadPtr
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
GetPrivateProfileStringA
GetVersionExW
LoadLibraryA
VirtualProtect
TlsAlloc
TlsGetValue
TlsSetValue
SetFilePointer
LoadLibraryExA
InterlockedCompareExchange
GetModuleHandleA
LocalAlloc
GetCurrentThread
VirtualQuery
VirtualAlloc
VirtualFree
GetNativeSystemInfo
FlushInstructionCache
VirtualProtectEx
VirtualQueryEx
GetCurrentThreadId
GetThreadContext
SetThreadContext
SuspendThread
LoadLibraryExW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetCurrentProcessId
GlobalMemoryStatus
FlushConsoleInputBuffer
FormatMessageW
EncodePointer
CreateEventW
SwitchToThread
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
CreateThread
ExitThread

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW
GetDesktopWindow

advapi32

RegOpenKeyExW
RegCloseKey
GetLengthSid
SetSecurityInfo
InitializeAcl
AddAce
DeleteAce
GetAce
GetAclInformation
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGenRandom
RegDeleteValueW
ConvertSidToStringSidW
RegSetValueExA
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
GetUserNameW
CryptAcquireContextA
CryptDeriveKey
CryptDestroyKey
CryptEncrypt
CryptDecrypt
GetTokenInformation
OpenThreadToken
DeregisterEventSource
RegisterEventSourceA
ReportEventA
GetSecurityInfo
RegOpenKeyW
RegSetValueExW
ConvertSidToStringSidA
LookupAccountNameW
RegQueryValueExA
RegOpenKeyExA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegEnumValueW

shell32

SHGetMalloc
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetPathFromIDListW

ole32

CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysAllocStringLen
VariantClear
SysFreeString
SysAllocString

winhttp

WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpOpen
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetTimeouts

wldap32

ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord145
ord27
ord127
ord167
ord79
ord133
ord147
ord301
ord26
ord142

iphlpapi

GetAdaptersInfo

shlwapi

StrStrIW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
StrStrIA
PathAddBackslashA
PathAppendA
PathFileExistsA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetConnectA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetOpenA
InternetCloseHandle
HttpQueryInfoW

ws2_32

closesocket
recv
send
WSAGetLastError
bind
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select

Exports

Exports

_ReflectiveLoader@4

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 230KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8224f12a7ea5de3315a93567ebc2610

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

winhttp

wldap32

iphlpapi

shlwapi

version

wininet

ws2_32

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 230KB - Virtual size: 415KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 110KB - Virtual size: 109KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 230KB - Virtual size: 415KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 110KB - Virtual size: 109KB