6f965c8c40359ae322c817ef591ae192[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

6f965c8c40359ae322c817ef591ae192.bin
Size

20KB
MD5

c83569de70ed67ab2e50bdbaffa59bf8
SHA1

ee5d02e1e7245690803c4f909628043b5c23b27e
SHA256

8057742d918028f09215c1691a423304690dde7bd55664bd4f4056e3c2caf812
SHA512

b158691f4fe541e197ca2febbb235ad80ddee39b8c22df631516ae75818a1f0f23b122efda2559800b838043a5a23d43c86225cd4578bf599bd6489c29b7ead6
SSDEEP

384:nt624MDHbBLNQV0m0VpT+U6Kvy+b7BjJdMl3TBHWb+QZKyvHZD5iK/PAYovIDE8D:nt62rD7JNI0m0VpA+bt3MBNHWbZZbvHZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/01ae07cc4886a97d2413983767812eef5223012f32c9b22d1f72df9f89e87809.dll

Files

6f965c8c40359ae322c817ef591ae192.bin
.zip

Password: infected
01ae07cc4886a97d2413983767812eef5223012f32c9b22d1f72df9f89e87809.dll
.dll windows x86

Password: infected

191939e12dbb280104ea0d469a3d93c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CloseHandle
WaitForSingleObject
CreateThread
ReadFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
lstrcatW
GetFileSize
GetFileAttributesA
CreateFileW
CreateFileA
VirtualAlloc
GetEnvironmentVariableW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LCMapStringEx
HeapSize
HeapReAlloc
RtlUnwind
LoadLibraryW
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
IsDebuggerPresent
Sleep
GetModuleHandleW
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
GetProcessHeap
EncodePointer
DecodePointer
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetStdHandle
GetModuleFileNameW
SetLastError
InterlockedIncrement
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
WriteConsoleW

crypt32

CertComparePublicKeyInfo
CertSaveStore
CryptVerifyDetachedMessageHash
CertDuplicateCertificateContext
CertVerifyRevocation

resutils

ResUtilGetEnvironmentWithNetName
ResUtilGetProperties
ResUtilDupString
ResUtilGetPropertiesToParameterBlock
ClusWorkerStart
ResUtilStopService
ResUtilGetDwordProperty
ResUtilGetPrivateProperties

oleaut32

VarUI1FromI2
VarR4FromCy
VarI4FromUI4
SafeArrayGetRecordInfo
VarUI1FromStr
VarCyFromR4
VarUI2FromUI1
VarR8FromI2
SafeArrayGetDim
OleCreatePropertyFrame
VarR4FromI4
VarSu

urlmon

CreateURLMoniker
HlinkSimpleNavigateToMoniker
CoInternetGetProtocolFlags
IsLoggingEnabledA
RevokeBindStatusCallback

setupapi

SetupFindFirstLineW
SetupDiSetSelectedDriverA
SetupDiOpenDeviceInfoA
SetupDiCallClassInstaller
SetupGetStringFieldA

Exports

Exports

HvDeclY
_FileExcists@4
_ReaddFileContents@12
_WrigteToFile@12

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

191939e12dbb280104ea0d469a3d93c9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

resutils

oleaut32

urlmon

setupapi

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 3KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 480B