f1951897153595d6bf6a50b053515237[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

f1951897153595d6bf6a50b053515237.bin
Size

52KB
MD5

2a00335d32d5e0fd5b9ce8428d3518a0
SHA1

4c952ef11ecc7f1aa70f0753fe4dbec602f082e2
SHA256

1f17180115e6ea3646fa3c7c702565da0c9c719a7b3da7f349dfa2e705defa08
SHA512

e8670beab521978a33752bd375282e9ac2a64ea803343babbe78dc38889dbd234e452f7cb4dd973a39d194053151f6294076116df37bf6670b6dadd3d9f8cf51
SSDEEP

768:vfleJyEBPWCMWqKHD81/ZItqCRKPcZXRn2XshDgpigJA/1SHSKoPFixKqytmUug5:iHPWNdWD8ZZItqCRKqt9Wo1N6Lytmxg5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/00c9545290056629ca7684a471ffdde3df70c25f7cbec9e1ac047e58577f83e9.dll

Files

f1951897153595d6bf6a50b053515237.bin
.zip

Password: infected
00c9545290056629ca7684a471ffdde3df70c25f7cbec9e1ac047e58577f83e9.dll
.dll windows x86

Password: infected

7172f97c2413b1e82fd101bf278d9e25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHEnumValueW
PathIsURLA
SHRegDeleteUSValueW
StrRChrA
StrCmpNIA

kernel32

GetCurrentProcessId
GetProcAddress
LoadLibraryA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
CreateFileA
CompareStringA
CompareStringW
FreeEnvironmentStringsW
GetModuleHandleW
GetCommandLineA
CloseHandle
HeapSize
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
GetModuleFileNameA
WriteFile
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
GetLastError
HeapFree
SetEnvironmentVariableA
ExitProcess
FatalAppExitA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
WideCharToMultiByte
RtlUnwind
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapReAlloc
HeapCreate
HeapDestroy
VirtualFree

winspool.drv

DeleteMonitorA
DeviceCapabilitiesA
EXTDEVICEMODE
ord203

mscms

UnregisterCMMA
EnumColorProfilesW
GetCMMInfo
SetColorProfileElement
SetStandardColorSpaceProfileW
CreateMultiProfileTransform

crypt32

CertAddCRLContextToStore
CryptSetOIDFunctionValue
CertAddEncodedCertificateToSystemStoreW
CertSerializeCTLStoreElement

ws2_32

ntohs
WSASetServiceA
WSCInstallProvider
WSADuplicateSocketW
htonl
WSALookupServiceNextW
__WSAFDIsSet

loadperf

LoadPerfCounterTextStringsA
UnloadPerfCounterTextStringsA
LoadPerfCounterTextStringsW

ole32

HBITMAP_UserSize
OleLoad
WriteClassStm
OleDestroyMenuDescriptor
OleRegEnumFormatEtc
HMETAFILE_UserMarshal
OleRegGetMiscStatus

shell32

SHGetFileInfoA
ShellExecuteA
SHQueryRecycleBinW

Exports

Exports

HvDeclY
_Gckeis@0

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

7172f97c2413b1e82fd101bf278d9e25

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

winspool.drv

mscms

crypt32

ws2_32

loadperf

ole32

shell32

Exports

Exports

Sections

.text Size: 87KB - Virtual size: 86KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 10KB

.text
Size: 87KB - Virtual size: 86KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 10KB