02d4fb6c9d5bd7b2b50c59a9b75cae53[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

02d4fb6c9d5bd7b2b50c59a9b75cae53.bin
Size

1.7MB
MD5

b2372d07fe218bc500c9f4f3bc14f52b
SHA1

8939bc014e3d512423385fdb3917629ff93f2b79
SHA256

c1c9e2bd914b28af067bf07f7cf682cdf5f00661b0d55e1aaaeeed81c444f44e
SHA512

beb408ab94b750e0e192e6be2ccc80c75adc1c5c9577aada4626fa531baad198c16613366a59153a2cd3a4cf63d56c310c22abba0ab935f2426343efbb87e14f
SSDEEP

49152:gcS0PuSUbX2dAhgjX46p8s8flT+xGPB0Ob2ISI0t1RcsNcWvFInZ7:TDPhUbXIAY462s8fh+yB0OiHI+1SsxvI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/411816deebf8aade5cc32e951934a1ed4d8a10b66944c9fae742ccca30423715.dll

Files

02d4fb6c9d5bd7b2b50c59a9b75cae53.bin
.zip

Password: infected
411816deebf8aade5cc32e951934a1ed4d8a10b66944c9fae742ccca30423715.dll
.dll windows x86

Password: infected

5082fbf7c84942efc1675db6b25554d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AddAccessAllowedAceEx

lz32

LZSeek

setupapi

CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList

shell32

SHGetSpecialFolderPathA

oleaut32

SysAllocStringLen
GetRecordInfoFromGuids
LPSAFEARRAY_UserUnmarshal

winmm

midiOutLongMsg

version

VerQueryValueA
GetFileVersionInfoSizeW

wininet

InternetCanonicalizeUrlW

kernel32

SetThreadPriority
GetProcAddress
GetModuleHandleW
CloseHandle
GetModuleFileNameA
OutputDebugStringA
GetExitCodeProcess
GetProcessHeap
WaitForSingleObject
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
DeleteCriticalSection
InterlockedPushEntrySList

gdi32

SetBrushOrgEx
SelectObject
RectInRegion

user32

PostQuitMessage
ShowWindow

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 89KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 860KB - Virtual size: 856KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 860KB - Virtual size: 856KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

5082fbf7c84942efc1675db6b25554d5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

lz32

setupapi

shell32

oleaut32

winmm

version

wininet

kernel32

gdi32

user32

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 88KB - Virtual size: 89KB

CODE Size: 860KB - Virtual size: 856KB

.CRT Size: 860KB - Virtual size: 856KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 26KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 88KB - Virtual size: 89KB

CODE
Size: 860KB - Virtual size: 856KB

.CRT
Size: 860KB - Virtual size: 856KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 26KB