83b3a3e126dadfb6b85c8abb3[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

83b3a3e126dadfb6b85c8abb3.bin
Size

183KB
MD5

8b24322f189053ffc09f2be4cb7f0923
SHA1

654e07548fb9e84e7465eb9032f438d803b7c0b9
SHA256

5f5c427331583d0fe45f445d7e37223e5673ea20bf62d24082f66433c3096d45
SHA512

5e75c40364230a617f64b769d451e25729517408ac982939d7451ebcbff67d44e5f5ae0a97b341b3d9bc28d3fb7d7ec3ba0660a550375e8fd37aae603d851cf5
SSDEEP

3072:LHI5xF8K2svuCLLYNkVm4Og9C5CRUIBCYZSdO9OdFA+icsLI+we86uw9:LHFKVikY4Og9CHI8aCA+icspwe2w9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/980a51a7503cf4c2fe3de39e54b475bdba1ed11cee8009a42048471e4d7d5aed.exe

Files

83b3a3e126dadfb6b85c8abb3.bin
.zip

Password: infected
980a51a7503cf4c2fe3de39e54b475bdba1ed11cee8009a42048471e4d7d5aed.exe
.exe windows x64

287240fab1f223abb090ff96769db3f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
CloseTrace
InitiateShutdownW
OpenSCManagerW
OpenServiceW
ControlService
OpenProcessToken
RegCloseKey
CloseServiceHandle
CreateWellKnownSid
CheckTokenMembership
LookupPrivilegeValueW
AdjustTokenPrivileges
StartTraceW
EnableTrace
GetTokenInformation
RegQueryValueExW
RegQueryInfoKeyW
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
DuplicateToken
DuplicateTokenEx
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlTraceW

kernel32

FileTimeToLocalFileTime
GetTimeFormatW
GetDateFormatW
GetUserDefaultLCID
GetLocaleInfoW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetVolumePathNamesForVolumeNameW
ExpandEnvironmentStringsW
GetVolumeInformationW
GetDriveTypeW
MoveFileExW
DeviceIoControl
FileTimeToSystemTime
FindNextFileW
FindFirstFileW
FormatMessageW
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
InitializeCriticalSection
CreateFileW
EncodePointer
DecodePointer
GetProcAddress
DeleteCriticalSection
SetLastError
HeapSetInformation
SetErrorMode
CreateEventW
WaitForSingleObject
SetEvent
RegisterApplicationRestart
GetCurrentProcess
GlobalFree
GetCommandLineW
CreateProcessW
CreateThread
OpenProcess
GetSystemTimeAsFileTime
LoadLibraryW
FreeLibrary
GetFileAttributesW
DeleteFileW
CreateDirectoryW
SetThreadPreferredUILanguages
GetTimeZoneInformation
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
FindClose
GetLastError
LocalFree
CloseHandle

gdi32

SetBkMode
DeleteDC
GdiFlush
SelectObject
SetLayout
CreateCompatibleDC
ExtTextOutW
SetBkColor
CreateDIBSection
GetDeviceCaps
CreateFontIndirectW
SetTextColor
DeleteObject

user32

GetDesktopWindow
GetWindowThreadProcessId
EnumWindows
MessageBoxW
SendMessageTimeoutW
EndPaint
MapWindowPoints
CopyRect
GetWindowTextW
GetWindowRect
BeginPaint
GetAncestor
GetClassNameW
GetDlgItemTextW
SetDlgItemTextW
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
LoadStringW
SystemParametersInfoW
LoadIconW
SetForegroundWindow
CreateDialogParamW
ShowWindow
DestroyWindow
DialogBoxParamW
RegisterWindowMessageW
GetDC
ReleaseDC
SetWindowLongPtrW
PostMessageW
GetParent
GetDlgItem
GetSystemMetrics
GetSysColor
SetWindowPos
GetSysColorBrush
EndDialog
SetFocus
GetKeyState
SetWindowLongW
GetWindowLongW
UpdateWindow
GetClientRect
SetWindowTextW
SetClassLongPtrW
GetWindowLongPtrW
IsWindow
CallWindowProcW
SendMessageW
EnableWindow
DrawFrameControl
OffsetRect
InflateRect

msvcrt

wcschr
_wcsnicmp
_wcsicmp
??2@YAPEAX_K@Z
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
??3@YAXPEAX@Z
__setusermatherr
_commode
_fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
memset
memcmp
iswspace
_amsg_exit
_vscwprintf
memcpy
_vsnwprintf
strchr
memmove

shell32

ShellExecuteExW
SHGetStockIconInfo
CommandLineToArgvW

ole32

CoCreateInstance
CoTaskMemAlloc
CLSIDFromString
CoInitializeSecurity
CoTaskMemRealloc
CoInitializeEx
CoTaskMemFree
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen

comctl32

CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage
ord345
InitCommonControlsEx
ImageList_Create
ImageList_Add
ImageList_AddMasked
ImageList_Destroy
ord344

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
WinSqmAddToStreamEx
WinSqmIncrementDWORD
WinSqmAddToStream
NtShutdownSystem
RtlGetLastNtStatus
RtlVirtualUnwind
EtwTraceMessage
RtlNtStatusToDosError

srcore

SrFreeRpPropArray
SrFreeRestoreStatus

spp

SxTracerDebuggerBreak
SxTracerShouldTrackFailure
SxTracerGetThreadContextRetail
SppFreeExternalGroupPropArray

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

287240fab1f223abb090ff96769db3f7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

shell32

ole32

oleaut32

comctl32

ntdll

srcore

spp

Sections

.text Size: 177KB - Virtual size: 177KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 103KB - Virtual size: 104KB

.reloc Size: 1024B - Virtual size: 1016B

.text
Size: 177KB - Virtual size: 177KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 103KB - Virtual size: 104KB

.reloc
Size: 1024B - Virtual size: 1016B