458c40554d96e56e679f5baffaf936f2[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

458c40554d96e56e679f5baffaf936f2.bin
Size

4KB
MD5

4f5f16d34ef987836e9846cf0a824f5b
SHA1

9bdc99c9514f010d9ee69a105c7585bcbaa6ceb2
SHA256

5a684c15872d032be6f8fc2435e21317afddbdf03f02c102689552f0e359240e
SHA512

350eb4213732d49311fbd249b4171037fd0ca603c37a898a415c784183f7a070a31fba8c9a4a0f83d8ea09406807d9f98ed7f9dccd441c8209b925b0acf8ac53
SSDEEP

96:Nyi7Qbkr8CRgrlSLe5BKl4Ev0nGmhnAXYtnBA/yiY:NyqoXRSMKeZnGKnjBA/yx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/26a517115fef11c09ffa8b17734951f03958d0bda4f14652b0d136de5aecb2b6.dll

Files

458c40554d96e56e679f5baffaf936f2.bin
.zip

Password: infected
26a517115fef11c09ffa8b17734951f03958d0bda4f14652b0d136de5aecb2b6.dll
.dll windows x86

Password: infected

eed76f52bdfc4695e3635fd281dbe35b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
EnumSystemCodePagesA
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent

winmm

mmioSendMessage
WOW32ResolveMultiMediaHandle
mmioAscend
auxGetNumDevs
timeSetEvent
waveOutGetNumDevs
tid32Message

comdlg32

PageSetupDlgA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameW
GetFileTitleW

crypt32

CertGetCRLFromStore
CryptGetMessageCertificates

resutils

ResUtilGetBinaryProperty
ResUtilResourceTypesEqual
ResUtilStartResourceService
ClusWorkerCheckTerminate
ResUtilStopResourceService

mscms

GetPS2ColorRenderingIntent
SetColorProfileElementSize
GetColorProfileElementTag
DisassociateColorProfileFromDeviceA
SetStandardColorSpaceProfileW

mapi32

ord161
ord21
ord177
ord182
ord171
ord76
ord186
ord200

Exports

Exports

JKbtgdfd
_AllocateExecutableMemory@4
_AllocateMemory@4
_AllocateReadOnlyMemory@4
_ChangeMemoryProtection@16
_CompareMemory@12
_FindPattern@16
_FreeMemory@4
_GCopyMemory@12
_GFillMemory@12
_GMoveMemory@12
_GZeroMemory@8
_ReadMemory@12
_WriteMemory@12

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

eed76f52bdfc4695e3635fd281dbe35b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

comdlg32

crypt32

resutils

mscms

mapi32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 12B

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 512B - Virtual size: 400B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 12B

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 512B - Virtual size: 400B