d5b59873f32de2db3bf7f8aad36f8c42[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

d5b59873f32de2db3bf7f8aad36f8c42.bin
Size

29KB
MD5

eff56ae375952b90c2292afa205fb99e
SHA1

d00b8f99937ba42896ffe42b9627803b1fcd988d
SHA256

b231ef1c1b1bbcb4343542cfc68ea71fb2aa0b87bd8b1ed4981cb99a4aae5db6
SHA512

4084863c871d78aaa5932d3ac31bb9001239b596bab887fd24620e6886b78e2dee7f423498421eda0e9b59f55423f736d881a79e011c9aad856c5b7fcd18a537
SSDEEP

384:TOsQozNZT04Z+TXdPmxsyhjLcvsviinsFL3IK84kHnbGDsRExvkoT6LExc8zT7ev:Kbo6XdeyyBLXJAmnb68AO87e33cn1tOj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d78b4c2c76b3b4c87c3399d6385681e251f508b5fd8e587acfedc420384c3ebf.dll

Files

d5b59873f32de2db3bf7f8aad36f8c42.bin
.zip

Password: infected
d78b4c2c76b3b4c87c3399d6385681e251f508b5fd8e587acfedc420384c3ebf.dll
.dll windows x86

Password: infected

90c2b41dbc64bf3f152f09646916224d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
EnumSystemCodePagesW
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
CompareFileTime
LCMapStringEx
HeapSize
LoadLibraryW
OutputDebugStringW
GetStringTypeW
HeapReAlloc
GetProcessVersion
FreeEnvironmentStringsA
GetVersionExA
FlushFileBuffers
GetFileType
HeapAlloc
RtlUnwind
LoadLibraryExW
GetCommandLineA
GetCurrentThreadId
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
Sleep
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
WriteFile
GetModuleFileNameW
CreateFileW

wsnmp32

ord502
ord900
ord906
ord400

mpr

WNetGetProviderNameW
WNetAddConnectionW
WNetGetUniversalNameA
WNetDisconnectDialog1A
WNetGetUserW
WNetCancelConnectionA
WNetGetConnectionW

rpcrt4

I_RpcReallocPipeBuffer
RpcBindingInqObject
RpcBindingFromStringBindingW
NdrServerCall
NdrXmitOrRepAsUnmarshall
NdrComplexArrayMemorySize

comdlg32

GetSaveFileNameW
GetSaveFileNameA
PageSetupDlgW
GetFileTitleA

loadperf

UnloadPerfCounterTextStringsW
LoadPerfCounterTextStringsA
UnloadPerfCounterTextStringsA
LoadPerfCounterTextStringsW

Exports

Exports

JKbtgdfd
_AddDays@8
_CompareDate@8
_DaysBetweenDates@8
_GetDayOfWeek@4
_GetEasterSunday@8
_GetFirstWeekdayOfMonth@8
_GetLastWeekday@8
_GetLastWeekdayOfMonth@8
_GetNextWeekday@8
_GetNthDayOfWeekInMonth@20
_GetNthWeekdayOfMonth@12
_GetTimeZoneOffsetInMinutes@0
_IsSameWeek@8
_IsWeekend@4
_dDaysInMonth@8

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

90c2b41dbc64bf3f152f09646916224d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsnmp32

mpr

rpcrt4

comdlg32

loadperf

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 11KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 11KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB