Static task: static1
Behavioral task: behavioral1
  Sample: 67a3ce369b8e239d9566673dd8d64fc77236524543832acba4a5d7a471303661.exe
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: 67a3ce369b8e239d9566673dd8d64fc77236524543832acba4a5d7a471303661.exe
  Resource: win10v2004-20230703-en
General
Target: defab1767b271b009322b33e52a8d589.bin
Size: 1.0MB
MD5: 3c861994dfb4b5c3de0217e3fcb6ad7a
SHA1: 41fa103c8a65a3d15c219c254b9691ad61926297
SHA256: 8152c24dc85ca9c4478f134c14709dd005993cf61ad3405bb5ef950aeb9a38b4
SHA512: 458def4f4a5ab430f11f06bb17b90760bd316c12ae052126ec98629d09de5fc0b5537db18b530205f9e4730d971dec4cad91da291588ec6374f3b44f28af7238
SSDEEP: 24576:ZidROpfZ/AXFKRjxKtSuqP6cZzuvW6tWghq:ZERO40R9PycBuvW6tc
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: unpack001/67a3ce369b8e239d9566673dd8d64fc77236524543832acba4a5d7a471303661.exe
Files
defab1767b271b009322b33e52a8d589.bin.zip (Password: infected)
67a3ce369b8e239d9566673dd8d64fc77236524543832acba4a5d7a471303661.exe.exe, windows x86 (Password: infected)
4f7700a87a9dd5e81bc1c765f3dac90b
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenW
LocalFree
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAddAtomA
GlobalSize
CopyFileA
GlobalFree
GetModuleFileNameA
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
CreateActCtxW
ReleaseActCtx
GetModuleFileNameW
GetModuleHandleW
lstrcmpA
InterlockedExchange
GetLocaleInfoA
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
SetThreadPriority
ResumeThread
WaitForSingleObject
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
ReplaceFileA
GetFileTime
GetTempFileNameA
GetFullPathNameA
GetDiskFreeSpaceA
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
GetACP
GetThreadLocale
FileTimeToSystemTime
GetStringTypeExA
lstrcmpiA
MoveFileA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetShortPathNameA
FileTimeToLocalFileTime
GetFileAttributesExA
MulDiv
GetWindowsDirectoryA
GetNumberFormatA
SetErrorMode
InitializeCriticalSectionAndSpinCount
GetProfileIntA
SearchPathA
FindResourceExW
RtlUnwind
ExitProcess
DecodePointer
RaiseException
EncodePointer
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
VirtualQuery
HeapReAlloc
ExitThread
HeapQueryInformation
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetStdHandle
IsValidCodePage
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetStringTypeW
LCMapStringW
CompareStringW
GetTimeZoneInformation
WriteConsoleW
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
FreeLibrary
CompareStringA
LoadLibraryW
MultiByteToWideChar
lstrcmpW
FindResourceA
FreeResource
GetCurrentThreadId
GetFileSizeEx
GlobalGetAtomNameA
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileExA
GetCurrentDirectoryW
WriteFile
SetFileTime
GetCurrentDirectoryA
GetFileAttributesA
CreateDirectoryA
LocalFileTimeToFileTime
lstrcpyA
lstrlenA
lstrcatA
SystemTimeToFileTime
ReadFile
SetFilePointer
CreateThread
CreateEventA
ActivateActCtx
DeactivateActCtx
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
CreateFileA
UnmapViewOfFile
CloseHandle
FindFirstFileA
FindClose
GetLastError
GetSystemInfo
VirtualAlloc
VirtualProtect
InterlockedDecrement
InterlockedIncrement
Sleep
GetTempPathA
GetTickCount
GlobalAlloc
DeleteFileA
GetDriveTypeW
user32
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
DestroyIcon
LoadImageA
DestroyMenu
LoadMenuA
ReuseDDElParam
UnpackDDElParam
DestroyCursor
LoadCursorA
GetKeyNameTextA
MapVirtualKeyA
SetCursorPos
RedrawWindow
IsZoomed
DeleteMenu
GetSystemMenu
SetParent
GetMenuItemInfoA
RealChildWindowFromPoint
GetSysColorBrush
UnregisterClassA
EnumDisplayMonitors
SetLayeredWindowAttributes
CharUpperA
LoadAcceleratorsW
LoadMenuW
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
UnionRect
CreateMenu
PostThreadMessageA
GetTabbedTextExtentW
WindowFromPoint
GetDCEx
LockWindowUpdate
GetMenuDefaultItem
GetAsyncKeyState
InvertRect
DrawFocusRect
HideCaret
EnableScrollBar
NotifyWinEvent
GetIconInfo
CopyImage
DrawIconEx
DestroyAcceleratorTable
SetClassLongA
DrawStateA
DrawEdge
DrawFrameControl
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableA
RegisterClipboardFormatA
IsClipboardFormatAvailable
WaitMessage
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
IsCharLowerA
MapVirtualKeyExA
UpdateLayeredWindow
MonitorFromPoint
IsMenu
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
SetMenuDefaultItem
FrameRect
GetUpdateRect
CopyIcon
BringWindowToTop
GetDoubleClickTime
SubtractRect
GetWindowRgn
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowTextLengthA
GetWindowTextA
SetWindowPos
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
GetWindowLongA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
CheckDlgButton
GetWindowRect
GetWindow
SetFocus
GetFocus
IsChild
SendMessageA
EnableWindow
UpdateWindow
LoadIconW
wsprintfA
TranslateAcceleratorA
SetRectEmpty
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
IsRectEmpty
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetSystemMetrics
ReleaseCapture
SetCursor
LoadCursorW
SetCapture
KillTimer
SetTimer
SetWindowRgn
DrawIcon
SystemParametersInfoA
OffsetRect
GetMessageTime
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
IsIconic
GetWindowThreadProcessId
IntersectRect
InflateRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuState
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
RegisterWindowMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetCursorPos
GetClientRect
IsWindow
LoadIconA
SetRect
GetParent
GetDC
InvalidateRect
IsWindowVisible
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
CharUpperBuffA
UnhookWindowsHookEx
gdi32
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
PtVisible
StartDocA
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
CreatePen
Rectangle
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetDeviceCaps
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
EnumFontFamiliesExA
OffsetRgn
SetPixel
StretchBlt
SetDIBColorTable
Polygon
Polyline
CreatePolygonRgn
CreateRoundRectRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
GetWindowOrgEx
GetTextExtentPoint32W
GetTextExtentPointA
GetTextFaceA
GetTextAlign
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
GetNearestColor
GetRgnBox
GetTextColor
GetBkColor
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
GetObjectA
SetTextColor
GetTextExtentPoint32A
GetTextMetricsA
StretchDIBits
CreateFontA
GetCharWidthA
GetViewportOrgEx
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
CreateCompatibleBitmap
CreateDIBSection
Ellipse
LPtoDP
CreateEllipticRgn
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateFontIndirectA
CreateHatchBrush
CreateSolidBrush
GetObjectType
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
SelectPalette
GetStockObject
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
SetBkColor
shell32
SHAppBarMessage
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetFileInfoA
ExtractIconA
SHAddToRecentDocs
DragQueryFileA
DragFinish
ShellExecuteA
msimg32
TransparentBlt
AlphaBlend
comctl32
ImageList_GetIconSize
shlwapi
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW
oledlg
ord8
wldap32
ord41
ord46
ord301
ord27
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ws2_32
WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
recv
send
WSAIoctl
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
htonl
ntohl
crypt32
CertFreeCertificateContext
oleacc
LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow
gdiplus
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundA
winspool.drv
DocumentPropertiesA
OpenPrinterA
GetJobA
ClosePrinter
comdlg32
GetFileTitleA
advapi32
GetFileSecurityA
CryptImportKey
CryptEncrypt
CryptDestroyKey
RegCloseKey
RegSetValueA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
SetFileSecurityA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegEnumKeyExA
RegOpenKeyExW
RegEnumValueA
ole32
CoLockObjectExternal
OleGetClipboard
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoInitializeEx
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
StringFromCLSID
CoTaskMemFree
oleaut32
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VarBstrFromDate
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysAllocStringByteLen
SysStringLen
VariantCopy
OleCreateFontIndirect
SysAllocString
VariantClear
Sections
.text   Size: 1.5MB - Virtual size: 1.5MB   (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata  Size: 349KB - Virtual size: 348KB   (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data   Size: 26KB - Virtual size: 56KB     (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rsrc   Size: 38KB - Virtual size: 37KB     (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc  Size: 180KB - Virtual size: 180KB   (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)