HvTkcoed
Static task: static1
Behavioral task: behavioral1
  Sample: 71f3070e6f91cee2a4d85cb801b57146bce229261d336ced97d4d0ca5c581e8b.dll
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 71f3070e6f91cee2a4d85cb801b57146bce229261d336ced97d4d0ca5c581e8b.dll
  Resource: win10v2004-20230703-en
General
- Target: 93d0c72fe77a55b07b466fc54ecd5b42.bin
- Size: 47KB
- MD5: dd9615c10a2d0a284d14c9f833513b90
- SHA1: aae1926d1023cbae9a2c7a496928647395964d3d
- SHA256: 009e91396c504f643d09964de4e4d6d6e31b29e29f0b234d449ddca3e0dd0cfd
- SHA512: da6e84541aca5cace0ff10c2665a03f0d26a48f48a8b3a7a2b1251a1038da219f94f32350f2e27c2f8156dedf1d2d48c538370b127dce419dc12fa4e65b21553
- SSDEEP: 768:lHxDOBIdAxEwEFWIrsLSluuBIJhmAFiVMD3TJYLKv2i6LOTpzx6pfd+Y:FxDHdqHwjrAOJ5AFiu5+iOOTRkV+Y
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: unpack001/71f3070e6f91cee2a4d85cb801b57146bce229261d336ced97d4d0ca5c581e8b.dll
Files
- 93d0c72fe77a55b07b466fc54ecd5b42.bin.zip (Password: infected)
- 71f3070e6f91cee2a4d85cb801b57146bce229261d336ced97d4d0ca5c581e8b.dll.dll, windows x86 (Password: infected)
  832a2d6c6c715a0b9592ee363d4685e0
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
Imports
imm32
ImmGetCompositionStringW
ImmGetCandidateListA
ImmSetHotKey
ImmGetHotKey
ImmGetGuideLineA
shlwapi
SHRegGetUSValueW
PathParseIconLocationW
SHRegQueryInfoUSKeyA
PathIsURLW
PathCombineA
StrCmpNIA
PathIsPrefixA
StrCmpNA
SHDeleteKeyW
PathMakeSystemFolderW
PathIsURLA
SHRegQueryUSValueA
GetMenuPosFromID
UrlCompareW
kernel32
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
VirtualAlloc
VirtualFree
GetModuleHandleExW
LoadResource
LockResource
SizeofResource
FindResourceW
HeapReAlloc
HeapSize
GetStringTypeW
SetFilePointerEx
GetStdHandle
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
CreateFileW
CloseHandle
WriteConsoleW
EncodePointer
FindFirstFileExW
DecodePointer
GetFileType
FindClose
HeapAlloc
HeapFree
GetModuleFileNameW
ExitProcess
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
RaiseException
rtm
RtmBlockDeleteRoutes
RtmGetFirstRoute
RtmAddRoute
MgmGetFirstMfe
MgmReleaseInterfaceOwnership
RtmGetNextRoute
RtmEnumerateGetNextRoute
mswsock
EnumProtocolsW
sethostname
GetTypeByNameA
GetTypeByNameW
s_perror
resutils
ResUtilSetPropertyTable
ResUtilFindDwordProperty
ResUtilSetMultiSzValue
ResUtilGetProperty
ResUtilSetSzValue
ResUtilFreeParameterBlock
ResUtilGetResourceDependency
ResUtilGetDwordValue
ResUtilEnumProperties
msvfw32
ICCompress
ICCompressorChoose
DrawDibRealize
avicap32
AppCleanup
avifil32
AVIStreamGetFrameOpen
AVIFileCreateStreamW
EditStreamClone
AVIStreamSampleToTime
AVIFileInit
AVIStreamEndStreaming
ole32
IsEqualGUID
OleCreateEx
ReleaseStgMedium
MonikerRelativePathTo
OleRegGetMiscStatus
CreateBindCtx
StgOpenStorage
OleRegEnumVerbs
StgCreatePropStg
IIDFromString
Exports
Sections
.text  Size: 51KB - Virtual size: 50KB
  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 24KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 2KB - Virtual size: 4KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 208B
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc  Size: 6KB - Virtual size: 6KB
  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ