488ebf34e202510d79514c16a4b3ce00[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

488ebf34e202510d79514c16a4b3ce00.bin
Size

3.6MB
MD5

488ebf34e202510d79514c16a4b3ce00
SHA1

78a16bb35722c10eb5df7452aa455f99bdf9a486
SHA256

2c69fd0522711dd18253c965726138a1031c5ce7b2e226d0a1a880da03c70285
SHA512

698b9a7f8d1da33812b6d529ccabf71157d96bf272a8533f41a778de8b64e5b7b05447135dcb9b0979e91d1dd326ec61fcfbcd922a33ba8232d424b5ec40e1a1
SSDEEP

49152:/RlrovtQHlyQ+uFqf6c/OyZDiFCF4OEee2uHEHbkdzRRxaLR11gjIU6ivK:ZivMkS0RIdIRh+v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
488ebf34e202510d79514c16a4b3ce00.bin

Files

488ebf34e202510d79514c16a4b3ce00.bin
.exe windows x64

bfe82bd85ae01af1c9c55d66a7c7fa73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetStdHandle
SetHandleInformation
GetCurrentThread
GetProcAddress
FormatMessageW
GetModuleHandleA
GetModuleHandleW
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
SetFileInformationByHandle
DuplicateHandle
CopyFileExW
SleepConditionVariableSRW
WakeConditionVariable
PostQueuedCompletionStatus
CreateThread
GetFileInformationByHandle
WaitForSingleObject
RtlVirtualUnwind
FlushFileBuffers
SetFileCompletionNotificationModes
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
UnlockFile
MultiByteToWideChar
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
CreateFileA
RtlLookupFunctionEntry
OutputDebugStringW
FindNextFileW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
CreateIoCompletionPort
FindClose
GetConsoleMode
GetQueuedCompletionStatusEx
GetEnvironmentVariableW
TryAcquireSRWLockExclusive
HeapDestroy
GetFinalPathNameByHandleW
SetLastError
SetFilePointerEx
ReleaseMutex
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetFileInformationByHandleEx
CreateDirectoryW
WakeAllConditionVariable
GetCurrentProcess
GetSystemInfo
GetLastError
FindFirstFileW
GetFullPathNameW
CreateFileW
GetFileAttributesExW
CreateMutexA
UnhandledExceptionFilter
GetTempPathW
LoadLibraryA
WaitForSingleObjectEx
FlushViewOfFile
WriteConsoleW
ReleaseSRWLockShared
AcquireSRWLockShared
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
ReleaseSRWLockExclusive
IsDebuggerPresent
AcquireSRWLockExclusive
SwitchToThread
GetTickCount
CloseHandle

ws2_32

WSARecv
getsockopt
WSACleanup
WSAStartup
WSASend
closesocket
setsockopt
bind
select
send
recv
shutdown
freeaddrinfo
getsockname
WSAGetLastError
getpeername
connect
WSAIoctl
ioctlsocket
WSASocketW
getaddrinfo

crypt32

CryptUnprotectData

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

ntdll

NtCreateFile
NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

vcruntime140

__C_specific_handler
__current_exception
memcpy
__CxxFrameHandler3
memset
memmove
memcmp
strrchr
__current_exception_context

api-ms-win-crt-string-l1-1-0

strcmp
strcspn
strncmp
strlen

api-ms-win-crt-heap-l1-1-0

malloc
free
_msize
realloc
_set_new_mode

api-ms-win-crt-utility-l1-1-0

qsort
_rotl64

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-math-l1-1-0

_dclass
__setusermatherr
log

api-ms-win-crt-runtime-l1-1-0

_endthreadex
_configure_narrow_argv
exit
_set_app_type
_seh_filter_exe
_exit
__p___argc
__p___argv
_beginthreadex
_cexit
_initterm
_c_exit
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
terminate
_initterm_e
_initialize_onexit_table
_register_onexit_function
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 986KB - Virtual size: 986KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfe82bd85ae01af1c9c55d66a7c7fa73

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

crypt32

shell32

ole32

ntdll

bcrypt

advapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 986KB - Virtual size: 986KB

.data Size: 25KB - Virtual size: 27KB

.pdata Size: 71KB - Virtual size: 71KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 986KB - Virtual size: 986KB

.data
Size: 25KB - Virtual size: 27KB

.pdata
Size: 71KB - Virtual size: 71KB

.reloc
Size: 23KB - Virtual size: 23KB