Static task: static1
Behavioral task: behavioral1
Sample: 7a03645778fdb4669f2b568982a722d19bf2a386bba16399d9a681242b2dbc4f.exe
Resource: win7-20230703-en
Behavioral task: behavioral2
Sample: 7a03645778fdb4669f2b568982a722d19bf2a386bba16399d9a681242b2dbc4f.exe
Resource: win10v2004-20230703-en
General
Target: cc53b90f2680000a6da047cd316951e5.bin
Size: 8.4MB
MD5: e98949e9049291fe97b91c466a12d300
SHA1: fedfe78b60468b32648ddfd89fe9e209efaf983e
SHA256: c6edfccd8bb822be01c5d73074385968989eeede4ce4b5b488e3a63b8e49b5b7
SHA512: 04730d009d9f23305dc7245f2e0a8cb57a71b3f3371a50cbb567ce9a01742c8e1d4b041587575804ad13ee590f1421f4f1dc6712ea7838aa3872ad77b92f3c37
SSDEEP: 196608:4k32VEmAWwTRwxTPKrneShQZnRetZpsay5z1StNGyfSsBdWYmgq4:dmfAWM6xTyc2pHy5JcMybLPv
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource unpack001/7a03645778fdb4669f2b568982a722d19bf2a386bba16399d9a681242b2dbc4f.exe
Files
cc53b90f2680000a6da047cd316951e5.bin.zip (Password: infected)
7a03645778fdb4669f2b568982a722d19bf2a386bba16399d9a681242b2dbc4f.exe.exe windows x86 (Password: infected)
e570a5ba1acc24c066e0421ddaeb64f5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFilePointerEx
GetFileSizeEx
ReadFile
GetTickCount
GetFileType
LocalFree
CloseHandle
WriteFile
MoveFileExW
DeleteFileW
GetFileAttributesExW
SetFileAttributesW
GetFileAttributesW
CreateFileW
MultiByteToWideChar
GetLastError
WriteConsoleW
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
EnumSystemLocalesW
IsValidLocale
HeapFree
HeapAlloc
GetStdHandle
SetStdHandle
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
lstrcmpW
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
FormatMessageW
WTSGetActiveConsoleSessionId
ExpandEnvironmentStringsW
CreateProcessW
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoW
LoadLibraryA
LoadLibraryW
GlobalSize
GetCurrentProcessId
GetUserDefaultLangID
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
GetVolumeInformationW
GetLongPathNameW
GetDriveTypeW
GetConsoleWindow
ExitProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LocalAlloc
CreateEventW
WaitForMultipleObjects
GlobalFree
SetHandleInformation
CompareStringEx
GetCommandLineW
SetEvent
ResetEvent
WaitForSingleObjectEx
GetCurrentThread
GetThreadPriority
DuplicateHandle
WaitForSingleObject
Sleep
GetCurrentProcess
CreateThread
SetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
GetSystemTime
GetLocalTime
OutputDebugStringW
TerminateProcess
IsProcessorFeaturePresent
GetSystemDirectoryW
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetStartupInfoW
GetModuleFileNameW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
FlushFileBuffers
SetEndOfFile
UnregisterWaitEx
RegisterWaitForSingleObject
CompareStringW
LCMapStringW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
FindNextFileW
FreeLibrary
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
GetExitCodeProcess
ReleaseMutex
CreateMutexW
VirtualAlloc
VirtualFree
FormatMessageA
AreFileApisANSI
RaiseException
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
RtlUnwind
SetLastError
LoadLibraryExW
GetCommandLineA
ExitThread
FreeLibraryAndExitThread
advapi32
RegOpenKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
SystemFunction036
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
AccessCheck
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
GetLengthSid
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
RegSetValueExW
GetSecurityInfo
GetNamedSecurityInfoW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
BuildTrusteeWithSidW
RegCloseKey
shell32
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
Shell_NotifyIconGetRect
SHGetKnownFolderPath
ShellExecuteA
CommandLineToArgvW
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
uxtheme
OpenThemeData
GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
IsThemeActive
IsAppThemed
GetCurrentThemeName
dwmapi
DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute
DwmEnableBlurBehindWindow
imm32
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetCompositionStringW
ImmSetCandidateWindow
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd
ImmAssociateContextEx
ImmGetVirtualKey
iphlpapi
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToNameW
GetAdaptersAddresses
ConvertInterfaceLuidToGuid
ConvertInterfaceIndexToLuid
ConvertInterfaceNameToLuidW
userenv
GetUserProfileDirectoryW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
netapi32
NetApiBufferFree
NetShareEnum
ws2_32
bind
__WSAFDIsSet
getsockopt
htonl
getsockname
closesocket
getpeername
getaddrinfo
htons
listen
ntohl
select
setsockopt
WSAGetLastError
WSAAsyncSelect
WSACleanup
WSAStartup
gethostname
getnameinfo
WSAAccept
WSAConnect
WSAHtonl
WSAIoctl
WSANtohl
WSANtohs
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketW
freeaddrinfo
winmm
PlaySoundW
timeSetEvent
timeKillEvent
zlib1
inflateEnd
inflate
zError
crc32
inflateInit2_
deflateInit2_
deflateEnd
deflate
bcrypt
BCryptHashData
BCryptSetProperty
BCryptCreateHash
BCryptGenerateSymmetricKey
BCryptDestroyHash
BCryptDeriveKeyPBKDF2
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
user32
ReleaseDC
GetSysColor
GetDesktopWindow
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
SendMessageW
PostMessageW
AttachThreadInput
CreateWindowExW
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetMenu
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetParent
SetParent
GetWindowThreadProcessId
GetWindow
DestroyCursor
DestroyIcon
MonitorFromPoint
GetAncestor
GetKeyboardLayoutList
RegisterPowerSettingNotification
DestroyWindow
UnregisterClassW
GetClassInfoW
RegisterClassExW
DefWindowProcW
GetCursorPos
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
FindWindowA
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
RegisterClassW
EnumDisplayDevicesW
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
ChangeWindowMessageFilterEx
MessageBoxW
DrawIconEx
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
SystemParametersInfoW
GetDC
GetSystemMetrics
GetFocus
UnregisterPowerSettingNotification
gdi32
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
SetLayout
OffsetRgn
BitBlt
GdiFlush
CreateBitmap
SelectObject
SelectClipRgn
GetRegionData
DeleteObject
DeleteDC
CreateRectRgn
CombineRgn
CreateCompatibleDC
CreateDIBSection
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
ChoosePixelFormat
SetPixelFormat
DescribePixelFormat
GetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetDIBits
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetFontData
ole32
StringFromGUID2
CoCreateGuid
CoGetMalloc
ReleaseStgMedium
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
CoUninitialize
CoInitializeEx
CoInitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance
DoDragDrop
CoTaskMemFree
oleaut32
SafeArrayCreateVector
SysAllocString
SysFreeString
SafeArrayPutElement
Sections
.text Size: 8.5MB - Virtual size: 8.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5.7MB - Virtual size: 5.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 312KB - Virtual size: 368KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qtmimed Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 184KB - Virtual size: 183KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 279KB - Virtual size: 278KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ