ebdf63663754592f28efe12b66e4403e[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

ebdf63663754592f28efe12b66e4403e.bin
Size

28KB
MD5

23df68ae5698b5539651908f364a8381
SHA1

56630b3be3641cc6108a63e30b460544b047a095
SHA256

216f1529ea213da45b809c8f412adb29cd96597fbfaad0defccbf596307104b7
SHA512

538a0f9746838284a227781c73535d07a4e8f31365d443f67bd3d86a0c2c1f8682ab1bba5f7bd7e0a60426f0fd99b129a770be4ef074af2abe7e6b3ecf9587fb
SSDEEP

768:Y8QtQ3AYAaICmAdLHEdh2ploBhpmBdsRsFGsLxi1t+0:6QwLaICf1y0peBhQBusLxQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c7c4b0c69bd01cf86671aa0e5d21f55fbce0a556f2bf4ad1355d4b7abf15f625.dll

Files

ebdf63663754592f28efe12b66e4403e.bin
.zip

Password: infected
c7c4b0c69bd01cf86671aa0e5d21f55fbce0a556f2bf4ad1355d4b7abf15f625.dll
.dll windows x86

Password: infected

90c2b41dbc64bf3f152f09646916224d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
EnumSystemCodePagesW
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
CompareFileTime
LCMapStringEx
HeapSize
LoadLibraryW
OutputDebugStringW
GetStringTypeW
HeapReAlloc
GetProcessVersion
FreeEnvironmentStringsA
GetVersionExA
FlushFileBuffers
GetFileType
HeapAlloc
RtlUnwind
LoadLibraryExW
GetCommandLineA
GetCurrentThreadId
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
Sleep
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
WriteFile
GetModuleFileNameW
CreateFileW

wsnmp32

ord502
ord900
ord906
ord400

mpr

WNetGetProviderNameW
WNetAddConnectionW
WNetGetUniversalNameA
WNetDisconnectDialog1A
WNetGetUserW
WNetCancelConnectionA
WNetGetConnectionW

rpcrt4

I_RpcReallocPipeBuffer
RpcBindingInqObject
RpcBindingFromStringBindingW
NdrServerCall
NdrXmitOrRepAsUnmarshall
NdrComplexArrayMemorySize

comdlg32

GetSaveFileNameW
GetSaveFileNameA
PageSetupDlgW
GetFileTitleA

loadperf

UnloadPerfCounterTextStringsW
LoadPerfCounterTextStringsA
UnloadPerfCounterTextStringsA
LoadPerfCounterTextStringsW

Exports

Exports

JKbtgdfd
_AddDays@8
_CompareDate@8
_DaysBetweenDates@8
_GetDayOfWeek@4
_GetEasterSunday@8
_GetFirstWeekdayOfMonth@8
_GetLastWeekday@8
_GetLastWeekdayOfMonth@8
_GetNextWeekday@8
_GetNthDayOfWeekInMonth@20
_GetNthWeekdayOfMonth@12
_GetTimeZoneOffsetInMinutes@0
_IsSameWeek@8
_IsWeekend@4
_dDaysInMonth@8

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

90c2b41dbc64bf3f152f09646916224d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsnmp32

mpr

rpcrt4

comdlg32

loadperf

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 9KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB