bin_1[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

bin_1.rar
Size

2.4MB
MD5

dce732dccebe56c08f0ec999a9b977fa
SHA1

73516f25b0da4255c8302b36c92f5b7edee8dbc6
SHA256

2cb0f1d01d3788ede8038e16b4015aacace6910a5c73613050190f5b0e7f006c
SHA512

ea4d774278282cd3eb584ef48d37ab8774aaaa4825963ffa8584333b16b0b0bcdd1a361f7b011d4eb31c9c55735e62706bdae5c5439329703292b951aec9dcbf
SSDEEP

49152:rVUrS9J/m92duvvCJO+rYz+B+BLzQSDsUoIlK5crtFXKcNg/OBPJT:rVUrSi2uvSYFBfTDFoH5DR+T

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/client.dll
unpack001/r.exe
unpack001/stub.dll

Files

bin_1.rar
.rar
client.dll
.dll windows x86

76072003e0df09d82f9afa72734a603a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetUnhandledExceptionFilter
GetCurrentProcess
LoadLibraryA
GetProcAddress
Sleep
GetHandleInformation
CloseHandle
SetEndOfFile
WriteConsoleW
HeapSize
CreateFileW
SetStdHandle
GetProcessHeap
WideCharToMultiByte
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
ReadFile
GetFileSizeEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

GetCursorPos
MessageBoxA

ws2_32

WSAStartup

Exports

Exports

CreateGame
DisposeGame
GetComms
get_login_error_code
login

Sections

.text
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
r.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.G
Size: 618KB - Virtual size: 618KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
r.exe.config
.xml
shiva.data
stub.dll
.dll windows x86

344da1666bd15862153466979d7d05c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
AllocConsole
DeleteFileA
MultiByteToWideChar
WriteConsoleW
SetEndOfFile
GetLastError
GetCurrentProcess
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
SetLastError
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
LoadLibraryExW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WideCharToMultiByte
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
CloseHandle
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
TerminateProcess
RaiseException
RtlUnwind
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteFileW
MoveFileExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
CreateFileW
HeapSize
GetSystemInfo

user32

MessageBoxA

Sections

.text
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76072003e0df09d82f9afa72734a603a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

Exports

Exports

Sections

.text Size: 425KB - Virtual size: 424KB

.rdata Size: 190KB - Virtual size: 190KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 11KB - Virtual size: 10KB

.vlizer Size: 2.1MB - Virtual size: 2.1MB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.G  Size: 618KB - Virtual size: 618KB

.text Size: 338KB - Virtual size: 337KB

.rsrc Size: 4KB - Virtual size: 4KB

Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

344da1666bd15862153466979d7d05c6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 368KB - Virtual size: 368KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 8KB - Virtual size: 12KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 425KB - Virtual size: 424KB

.rdata
Size: 190KB - Virtual size: 190KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 11KB - Virtual size: 10KB

.vlizer
Size: 2.1MB - Virtual size: 2.1MB

.G
Size: 618KB - Virtual size: 618KB

.text
Size: 338KB - Virtual size: 337KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 368KB - Virtual size: 368KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 8KB - Virtual size: 12KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.reloc
Size: 18KB - Virtual size: 18KB