a9d4ba1fefc844e7231219f1ab16f6cf[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

a9d4ba1fefc844e7231219f1ab16f6cf.bin
Size

28KB
MD5

5cf9c49597be58afc81c3f40160a6780
SHA1

5e7f516172711c010d7198e77829f09b03adf9c3
SHA256

bbdf776806adefd4c81f53b7aab6d6bdf7c256bbf2019ecebc1b3e5b20eae41f
SHA512

f1d6ec5c3d1802099ff1878ff40132a5b58dcee91b0ea3fc6aea9fbe68da655e48e7e66af93841bf894ba6109b6453e695af8221c3b6ba61fea99af697781c13
SSDEEP

384:8WyYZGQwRPPTSbG+pnxtgnHPf5JX6lgYD3pbba+pS70RVymAXc8bOvxnWX7zVtxZ:C8haPPubGUx6nH/6JD3xa7UUOGOZnt+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/38a1ec2dc9a0739ce81abc1a8b5cf9ca47e13cd9520e2df4edf1801fa7145e76.dll

Files

a9d4ba1fefc844e7231219f1ab16f6cf.bin
.zip

Password: infected
38a1ec2dc9a0739ce81abc1a8b5cf9ca47e13cd9520e2df4edf1801fa7145e76.dll
.dll windows x86

Password: infected

90c2b41dbc64bf3f152f09646916224d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
EnumSystemCodePagesW
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
CompareFileTime
LCMapStringEx
HeapSize
LoadLibraryW
OutputDebugStringW
GetStringTypeW
HeapReAlloc
GetProcessVersion
FreeEnvironmentStringsA
GetVersionExA
FlushFileBuffers
GetFileType
HeapAlloc
RtlUnwind
LoadLibraryExW
GetCommandLineA
GetCurrentThreadId
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
Sleep
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
WriteFile
GetModuleFileNameW
CreateFileW

wsnmp32

ord502
ord900
ord906
ord400

mpr

WNetGetProviderNameW
WNetAddConnectionW
WNetGetUniversalNameA
WNetDisconnectDialog1A
WNetGetUserW
WNetCancelConnectionA
WNetGetConnectionW

rpcrt4

I_RpcReallocPipeBuffer
RpcBindingInqObject
RpcBindingFromStringBindingW
NdrServerCall
NdrXmitOrRepAsUnmarshall
NdrComplexArrayMemorySize

comdlg32

GetSaveFileNameW
GetSaveFileNameA
PageSetupDlgW
GetFileTitleA

loadperf

UnloadPerfCounterTextStringsW
LoadPerfCounterTextStringsA
UnloadPerfCounterTextStringsA
LoadPerfCounterTextStringsW

Exports

Exports

JKbtgdfd
_AddDays@8
_CompareDate@8
_DaysBetweenDates@8
_GetDayOfWeek@4
_GetEasterSunday@8
_GetFirstWeekdayOfMonth@8
_GetLastWeekday@8
_GetLastWeekdayOfMonth@8
_GetNextWeekday@8
_GetNthDayOfWeekInMonth@20
_GetNthWeekdayOfMonth@12
_GetTimeZoneOffsetInMinutes@0
_IsSameWeek@8
_IsWeekend@4
_dDaysInMonth@8

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

90c2b41dbc64bf3f152f09646916224d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsnmp32

mpr

rpcrt4

comdlg32

loadperf

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 9KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB