b416a495421e176a21a665278cb6a4e4[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

b416a495421e176a21a665278cb6a4e4.bin
Size

197KB
MD5

8fa783018342442ce0de153674e6b13e
SHA1

8934fde69987972142425a3a04ef0dda31c2b4a6
SHA256

20fd1817ee0a639fb497741ac966b2a915ef8adcbc2a38b1a4da8bbd44398a78
SHA512

f6904d62716e8ef1f829a983e34e22ffdc9025cf7eb7ee19ab5eb159472d7e1a65c0bd972e7bc5fa999e1d073660f517e7cf4b693e01b8c954b758f0edcfab3e
SSDEEP

3072:y4aek80yHmBSbEC5pl6BfZyEBYY2wXK7UANJPpZo4zlo43sKH5SQeoqaPQL4iSJC:gQNEC5pIBB0wXKw0w4ho43sQev34NC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cba110187193d818f8915ea29187b3d1565794cefc0f588f5d0aca1081cada08.dll

Files

b416a495421e176a21a665278cb6a4e4.bin
.zip

Password: infected
cba110187193d818f8915ea29187b3d1565794cefc0f588f5d0aca1081cada08.dll
.dll windows x86

Password: infected

f2e9757e5dc55604f9953968faf6ed8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
GetCurrentProcessId
DeleteCriticalSection
GetSystemInfo
GetTickCount
GetModuleHandleA
GetProcAddress
CreateFileA
GetVersionExA
CreateFileW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CancelIo
GetOverlappedResult
DeviceIoControl
SetLastError
GetLastError
CloseHandle
WriteFile
ReadFile
QueryDosDeviceW
GetLogicalDriveStringsW
OpenProcess
GetDriveTypeW
DecodePointer
SetFilePointerEx
GetConsoleMode
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
GetACP
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
WriteConsoleW

Exports

Exports

af_addBindingRule
af_addFlowCtl
af_addRule
af_addRuleEx
af_adjustProcessPriviledges
af_completeTCPConnectRequest
af_completeUDPConnectRequest
af_deleteBindingRules
af_deleteFlowCtl
af_deleteRules
af_free
af_getConnCount
af_getDriverType
af_getFlowCtlStat
af_getProcessNameA
af_getProcessNameFromKernel
af_getProcessNameW
af_getTCPConnInfo
af_getTCPStat
af_getUDPConnInfo
af_getUDPStat
af_init
af_ipPostReceive
af_ipPostSend
af_modifyFlowCtl
af_registerDriver
af_registerDriverEx
af_setIPEventHandler
af_setOptions
af_setRules
af_setRulesEx
af_setTCPFlowCtl
af_setTCPTimeout
af_setUDPFlowCtl
af_tcpClose
af_tcpDisableFiltering
af_tcpIsProxy
af_tcpPostReceive
af_tcpPostSend
af_tcpSetConnectionState
af_tcpSetSockOpt
af_udpDisableFiltering
af_udpPostReceive
af_udpPostSend
af_udpSetConnectionState
bind

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f2e9757e5dc55604f9953968faf6ed8a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 112KB - Virtual size: 110KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 112KB - Virtual size: 110KB

.reloc
Size: 7KB - Virtual size: 6KB