fc5b359d88f007f1e44c16a03b5d5809[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

fc5b359d88f007f1e44c16a03b5d5809.bin
Size

421KB
MD5

178e3afb4c5b5a3a0d37509f96df9358
SHA1

98ce5e9ee19433a0d120e00e1c84ddfccd4f24d3
SHA256

5092e47ee47cf227eaeb9ffdb712efe53f653559b1e5f247fd33461d0919a75c
SHA512

5a384ad0cd1cbc3892ddc2d96c3aa7eec54226966c66ea3f0ab26af4df719ffa50ca77a0f5ba3693119ac494ce339c98bfbd6ba09a9348565e3cc8bac0fafc63
SSDEEP

12288:VXrYc1sinwozh6c2m4m96mq2Rfduk6gAb0SJSQH:VXN1siwo152mm2RFAd/

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack002/C3F7B91F25992E56/LBG32.exe
unpack002/C3F7B91F25992E56/LBG32dll.dll
unpack002/C3F7B91F25992E56/LBG64.exe
unpack002/C3F7B91F25992E56/LBG64dll.dll

Files

fc5b359d88f007f1e44c16a03b5d5809.bin
.zip

Password: infected
d61fa625288f6f8786399c821fb51ec220a1de1877115521f206306b89461d83.zip
.zip

Password: infected
C3F7B91F25992E56/LBG32.exe
.exe windows x86

Password: infected

6a50fba0b2beed26e23e37e0922bd3df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLocalTime
DecodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapAlloc
HeapFree
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
CreateFileW

user32

wsprintfW

ws2_32

WSAGetLastError
htons

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C3F7B91F25992E56/LBG32dll.dll
.dll windows x86

Password: infected

22a965dbd84b719d92bdcc7f5ac9fdfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_allmul
RtlUnwind
_chkstk
NtQuerySystemInformation
_alldiv

kernel32

TlsFree
CreateFileW
CloseHandle
GetLocalTime
lstrlenW
FreeLibraryAndExitThread
GetCurrentThreadId
SuspendThread
ResumeThread
Sleep
GetLastError
CreateThread
lstrcpyW
OpenThread
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapFree
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

user32

wsprintfW

ws2_32

WSAGetLastError
htons

Exports

Exports

_DllInstall@8

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C3F7B91F25992E56/LBG64.exe
.exe windows x64

Password: infected

cf173f5b43e2dd8a6a3952081c406e61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
GetLocalTime
CreateFileW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapAlloc
HeapFree
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc

user32

wsprintfW

ws2_32

WSAGetLastError
htons

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C3F7B91F25992E56/LBG64dll.dll
.dll windows x64

Password: infected

2b8bb1a297fc6dbb94dddbb19e3d5648

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
__chkstk
RtlUnwindEx
NtQuerySystemInformation

kernel32

FreeLibrary
WriteConsoleW
CloseHandle
GetLocalTime
lstrlenW
FreeLibraryAndExitThread
GetCurrentThreadId
SuspendThread
ResumeThread
Sleep
GetLastError
CreateThread
lstrcpyW
OpenThread
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileW
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapFree
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

wsprintfW

ws2_32

htons
WSAGetLastError

Exports

Exports

DllInstall

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

6a50fba0b2beed26e23e37e0922bd3df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

Sections

.text Size: 179KB - Virtual size: 179KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 22KB - Virtual size: 25KB

.reloc Size: 5KB - Virtual size: 4KB

Password: infected

22a965dbd84b719d92bdcc7f5ac9fdfe

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

ws2_32

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 177KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 22KB - Virtual size: 25KB

.reloc Size: 5KB - Virtual size: 4KB

Password: infected

cf173f5b43e2dd8a6a3952081c406e61

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 23KB - Virtual size: 28KB

.pdata Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

Password: infected

2b8bb1a297fc6dbb94dddbb19e3d5648

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

ws2_32

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 23KB - Virtual size: 28KB

.pdata Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 179KB - Virtual size: 179KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 22KB - Virtual size: 25KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 177KB - Virtual size: 177KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 22KB - Virtual size: 25KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 23KB - Virtual size: 28KB

.pdata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 23KB - Virtual size: 28KB

.pdata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB