bee196a3b95f6e1a6eb37c56b41bc271[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

bee196a3b95f6e1a6eb37c56b41bc271.bin
Size

41KB
MD5

114a0b73b986f0863e0dff8e188e7203
SHA1

270cd5b2a710e349590a423ef65bb4ce75e1a891
SHA256

eed8babf417b1c2c7d704a2df0f80271c0ee7c172b19dc62519b607c4a7d26a5
SHA512

3ff385afa8cd6f23dce641f6076f683073cf80f6a763027dc1b8549dee44e161e2960d09e1604d98e761ec0f761e37626e6eb20eff55cb7882b252269cab7c4d
SSDEEP

768:nuu5JEsRYixIlbKdElURK/lSes/rHNutumsUCGtibPPlkniVo:n35JTqKdeyDes/5utuxvGYblciVo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/018f22c7760b32d5d936d02cb62df9bb29242ed2c1820385844cb751f4425d61.dll

Files

bee196a3b95f6e1a6eb37c56b41bc271.bin
.zip

Password: infected
018f22c7760b32d5d936d02cb62df9bb29242ed2c1820385844cb751f4425d61.dll
.dll windows x86

Password: infected

586d0fe3e109a6211399a8a8b04c8000

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
WriteConsoleW
CreateFileW
SetFilePointerEx
lstrcatA
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
MapViewOfFile
VirtualAlloc
ExitProcess
CloseHandle
WriteFile
ReadFile
GetFileSize
GetFileAttributesA
CreateFileA
GetConsoleMode
GetEnvironmentVariableA
GetStdHandle
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleExW
RaiseException
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
DecodePointer

user32

CloseClipboard
GetDlgItemInt
HideCaret
GetClipboardSequenceNumber
SetClassLongW
OpenClipboard

odbc32

ord54
ord253
ord208
ord13
ord160
ord167

comdlg32

PrintDlgExA
GetSaveFileNameW
ReplaceTextA
ReplaceTextW
FindTextW
GetSaveFileNameA
GetOpenFileNameW

crypt32

CryptRegisterOIDFunction
CryptInstallOIDFunctionAddress

msacm32

acmDriverID
acmStreamSize
acmFormatChooseA
acmFormatDetailsA
acmDriverDetailsW
acmFormatChooseW

winmm

waveOutPause
mmioRead
midiOutGetID
midiInGetNumDevs
midiOutGetErrorTextA
mmTaskSignal
midiOutSetVolume

setupapi

SetupDiGetSelectedDriverA
SetupDiRegisterDeviceInfo
SetupQueueDefaultCopyA
SetupDiDestroyClassImageList

mpr

WNetAddConnectionA
MultinetGetConnectionPerformanceA
WNetGetUserA
WNetAddConnectionW
WNetCancelConnectionA

loadperf

LoadPerfCounterTextStringsW
UnloadPerfCounterTextStringsA
UnloadPerfCounterTextStringsW

Exports

Exports

HvDeclY
_FileExists@4
_ReadFileContents@12
_WriteToFile@12

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

586d0fe3e109a6211399a8a8b04c8000

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

odbc32

comdlg32

crypt32

msacm32

winmm

setupapi

mpr

loadperf

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 4KB