fad88b95e93946e63c37ab8d007d59a0[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

fad88b95e93946e63c37ab8d007d59a0.bin
Size

347KB
MD5

21bc90cd0311cee34e3fb8a56749e526
SHA1

a65492bfe70136a9b74a6a206ad25d989a93f97f
SHA256

1957e99a8e57c7c6b4acba6c9439da7ce464d8550e45e6537aef957b204e3548
SHA512

dcde497706e2310a6efd13fb6a11839d28920e91eba22d8e5c1698a9da2c8483cc998c2289750363caa2929561cfa9c13b93d37be3f666b518f7a3c22834d491
SSDEEP

6144:ozR7/vkzpotHJMVng4QaIH0vFNsIuofVM9rOIXDZZBSkDoGwTS2Jcwy:y/vkFolKgGDNs2S9rOIXN2dGw1Jcwy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d3c9fb10add90677945826e483a86a419cf392091c656069afa694b7a77c1b0f.bin

Files

fad88b95e93946e63c37ab8d007d59a0.bin
.zip

Password: infected
d3c9fb10add90677945826e483a86a419cf392091c656069afa694b7a77c1b0f.bin
.exe windows x64

Password: infected

819a8a6e2ef19512ebdec1fa0f3eff1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

opencv_world452

??0Mat@cv@@QEAA@XZ

cutelogger

??1RollingFileAppender@@UEAA@XZ

libcurl-x64

curl_easy_init

videoio

??1Frame@openshot@@UEAA@XZ

shell32

ord190

advapi32

SystemFunction036

aiengine

??1SystemInfo@aiutils@@UEAA@XZ

qt5quick

??1QQuickPaintedItem@@UEAA@XZ

qt5widgets

?getExistingDirectory@QFileDialog@@SA?AVQString@@PEAVQWidget@@AEBV2@1V?$QFlags@W4Option@QFileDialog@@@@@Z

qt5gui

??1QFont@@QEAA@XZ

qt5qml

??1QQmlApplicationEngine@@UEAA@XZ

qt5network

??1QNetworkRequest@@QEAA@XZ

qt5core

??1QDir@@QEAA@XZ

msvcp140

_Cnd_wait

vcruntime140

memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-stdio-l1-1-0

fflush

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

ceil

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-filesystem-l1-1-0

_wstat64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.MPRESS1
Size: 290KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

819a8a6e2ef19512ebdec1fa0f3eff1b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

opencv_world452

cutelogger

libcurl-x64

videoio

shell32

advapi32

aiengine

qt5quick

qt5widgets

qt5gui

qt5qml

qt5network

qt5core

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.MPRESS1 Size: 290KB - Virtual size: 824KB

.MPRESS2 Size: 5KB - Virtual size: 4KB

.rsrc Size: 118KB - Virtual size: 118KB

.MPRESS1
Size: 290KB - Virtual size: 824KB

.MPRESS2
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 118KB - Virtual size: 118KB