Static task
static1
Behavioral task
behavioral1
Sample
7243499e498823d1f6db5407ceea0f12e009bfa837f9355fd7bfd94af94b9b53.dll
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
7243499e498823d1f6db5407ceea0f12e009bfa837f9355fd7bfd94af94b9b53.dll
Resource
win10v2004-20230703-en
General
Target: afc9661c91e47851309ffb6d42444537.bin
Size: 62KB
MD5: 6e2d14b57bbfe86343dc9f959c5dcd82
SHA1: 89041df33db486bba76731cbc874eb056f259ca4
SHA256: 9e2e0aa62be9f72c45a853d901811a6d4e92bb1f98933760d7dc694ab3c392e5
SHA512: b9b5a7980ffe70ce9b37adbfeb6faef01d21fbc2710c4d46c606d896de2ad694cb81822ccdca40f373eb4ee1f79b9e3cba359bcc4efece39cc91da1db9788417
SSDEEP: 1536:i9b17RXq3YDClM53CTlvwINzdp3c3mkdYsyNG/7y:Mb17RXq3YIZBdpsLY7R
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/7243499e498823d1f6db5407ceea0f12e009bfa837f9355fd7bfd94af94b9b53.dll
Files
afc9661c91e47851309ffb6d42444537.bin.zip
Password: infected
7243499e498823d1f6db5407ceea0f12e009bfa837f9355fd7bfd94af94b9b53.dll.dll windows x86
Password: infected
0b8af3550b5710c15669b5b350fa662d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
shlwapi
PathCreateFromUrlW
SHRegWriteUSValueA
PathRemoveExtensionW
PathMatchSpecW
StrDupW
PathParseIconLocationA
kernel32
GetLocaleInfoEx
CompareStringEx
GetModuleHandleW
GetProcAddress
GetDateFormatEx
GetTimeFormatEx
HeapSize
LoadLibraryW
OutputDebugStringW
WriteConsoleW
SetStdHandle
GetUserDefaultLocaleName
SetFilePointerEx
GetStringTypeW
SetConsoleCtrlHandler
LoadLibraryExW
FreeLibrary
InterlockedExchange
HeapReAlloc
HeapAlloc
GetProcessHeap
GetModuleFileNameW
GetConsoleMode
GetConsoleCP
WriteFile
LCMapStringEx
IsValidLocaleName
EnumSystemLocalesEx
CloseHandle
FlsSetValue
FlushFileBuffers
RtlUnwind
WideCharToMultiByte
InitOnceExecuteOnce
GetFileType
GetStdHandle
GetCurrentThreadId
GetCurrentThread
SetLastError
GetCPInfo
GetOEMCP
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
CreateFileW
FlsFree
GetCurrentProcess
TerminateProcess
GetStartupInfoW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FatalAppExitA
GetLastError
HeapFree
Sleep
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
InterlockedIncrement
IsValidCodePage
GetACP
wininet
FindFirstUrlCacheEntryExW
InternetErrorDlg
FindNextUrlCacheEntryW
InternetGetCookieW
InternetTimeToSystemTime
CreateUrlCacheEntryW
CommitUrlCacheEntryA
InternetFindNextFileW
oleaut32
VarCyMul
VarR4FromUI1
VarBstrFromUI4
OleSavePictureFile
VarAdd
VarCat
SysReAllocStringLen
rtm
RtmLookupIPDestination
MgmDeRegisterMProtocol
MgmGetNextMfe
crypt32
CryptDecryptMessage
CertAddEncodedCertificateToStore
CryptRegisterDefaultOIDFunction
CertComparePublicKeyInfo
wsnmp32
ord503
ord302
ord900
ord502
ord605
setupapi
SetupGetMultiSzFieldW
SetupDiGetINFClassA
SetupDecompressOrCopyFileA
SetupSetSourceListW
Exports
Sections
.text Size: 107KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE