948ce616a031705931abfb1093de9f1c[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

948ce616a031705931abfb1093de9f1c.bin
Size

111KB
MD5

948ce616a031705931abfb1093de9f1c
SHA1

840836386c7981a6bf590445ac2ea9a499f991c6
SHA256

a6020794bd6749e0765966cd65ca6d5511581f47cc2b38e41cb1e7fddaa0b221
SHA512

59f8033c9f745137e9d79f24abc3d3bcf6e891bf842c061149a4262955b2f3a458404a6356e13761cc94f8d56658fd3473889419096a0d7f0e15b3d7ae9af137
SSDEEP

3072:y0cr7K7946tN41wJxp8KzNRZ+wUYydOMzg8zHxqoi:y0cr7K7946tN4IxlN/+bdhpzH3i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
948ce616a031705931abfb1093de9f1c.bin

Files

948ce616a031705931abfb1093de9f1c.bin
.exe windows x86

afd00c0e3773d000174f6875d27debf6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
QueryServiceStatusEx
RegOpenKeyA
RegCloseKey

user32

wsprintfA

ntdll

NtClose
RtlUnwind

shlwapi

SHDeleteValueA

kernel32

GetProcessHeap
SetEndOfFile
CreateFileW
HeapReAlloc
LoadLibraryW
GetProcAddress
GetLastError
CloseHandle
MultiByteToWideChar
GetFullPathNameA
lstrlenA
GetModuleHandleA
WinExec
GetFileAttributesA
Process32Next
GetCurrentProcessId
Process32First
CreateToolhelp32Snapshot
Sleep
GetVersionExA
ExitProcess
SetFileAttributesA
TerminateProcess
OpenProcess
MoveFileExA
SetFilePointer
MoveFileA
GetTickCount
DeleteFileA
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
GetCurrentProcess
HeapCreate
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
GetModuleHandleW
GetStdHandle
GetModuleFileNameW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
IsProcessorFeaturePresent
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
FlushFileBuffers
WriteConsoleW
CreateFileA
HeapSize
GetStringTypeW

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afd00c0e3773d000174f6875d27debf6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

ntdll

shlwapi

kernel32

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 7KB