cd9d6190241d425c19449e8ceb1ad8e2[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

cd9d6190241d425c19449e8ceb1ad8e2.bin
Size

9.6MB
MD5

54e7e15399c10b6414434d41b5d17645
SHA1

5cd247ca6d20a22d06c967909d1dd1659edb4219
SHA256

293b422c0792ade1abaa860e551f3afa360b6db0e42faf87d08503151ac8d972
SHA512

5a3fa4174a49987d91e2ae4612a0f8e94a00fc57c8bf377a5c7e823410c33fdfe988c22d639efeb9c781f0fda69ad072c3f695d49ce147fcd947e8bedd58d77c
SSDEEP

196608:8NkM+ngx0XIVuRv+rSxddVLqpmTF4FRg7cNn90Sd1u0QnMv:8h+ngx0XIuhzqpmJ0g0W0uMv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3e6bc891f9a2fa51186511a9dcb4e56aec5fe7f498c89d659a9c603cf4c2c7f7.bin

Files

cd9d6190241d425c19449e8ceb1ad8e2.bin
.zip

Password: infected
3e6bc891f9a2fa51186511a9dcb4e56aec5fe7f498c89d659a9c603cf4c2c7f7.bin
.exe windows x64

Password: infected

a2bf64b6b6a36106c095e537a7cb55d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

hid

HidP_GetCaps
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetManufacturerString
HidD_GetSerialNumberString
HidD_GetIndexedString
HidP_MaxDataListLength
HidD_FreePreparsedData
HidP_GetData
HidP_GetButtonCaps
HidP_GetValueCaps
HidD_GetHidGuid

kernel32

GetSystemTimeAsFileTime
GetModuleHandleA
GetFullPathNameW
GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
GetWindowsDirectoryW
FormatMessageA
SystemTimeToFileTime
GetLocalTime
GetTimeZoneInformation
LocalFree
GetModuleFileNameW
InitializeCriticalSection
ResetEvent
GetTickCount
ReadFile
SetFilePointerEx
WriteFile
SetEndOfFile
GetFileAttributesExW
CreateFileW
SetFileAttributesW
GetFileAttributesW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
FindFirstFileExW
SetFilePointer
ReplaceFileW
GetTempFileNameW
LoadLibraryExW
CreateEventW
GlobalUnlock
GlobalLock
GlobalAlloc
RemoveDirectoryW
SetFileTime
GetSystemTime
GetDiskFreeSpaceExA
lstrcpynA
lstrcpyA
lstrcpynW
GetCommandLineW
ExpandEnvironmentStringsW
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
GetThreadContext
SuspendThread
RtlCaptureContext
OutputDebugStringA
GetEnvironmentVariableA
GetFileAttributesA
GetModuleFileNameA
GetVersionExA
GetCurrentDirectoryA
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
GetSystemPowerStatus
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetComputerNameW
GetTempPathW
LocalAlloc
SetUnhandledExceptionFilter
OpenEventW
DebugBreak
GetCurrentDirectoryW
GetOverlappedResult
CancelIo
GetFileSize
FileTimeToDosDateTime
FileTimeToLocalFileTime
lstrlenA
GetFileTime
VirtualQuery
GetQueuedCompletionStatus
SetErrorMode
DecodePointer
EncodePointer
HeapAlloc
HeapFree
RtlPcToFileHeader
RtlUnwindEx
HeapReAlloc
InitializeCriticalSectionAndSpinCount
CreateThread
HeapSize
DuplicateHandle
SetConsoleCtrlHandler
ExitThread
GetCommandLineA
GetStartupInfoW
FileTimeToSystemTime
GetDriveTypeA
FindFirstFileExA
GetStdHandle
GetLocaleInfoW
UnhandledExceptionFilter
TerminateProcess
HeapSetInformation
GetVersion
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlushFileBuffers
SetStdHandle
GetStringTypeW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
WriteConsoleW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
GetProcessHeap
FlushConsoleInputBuffer
SwitchToThread
SetThreadAffinityMask
GetProcessAffinityMask
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedFlushSList
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
GetSystemDirectoryA
SetConsoleMode
ReadConsoleInputA
GetTimeFormatA
GetDateFormatA
CreateMutexW
FlushInstructionCache
CreateSemaphoreW
SignalObjectAndWait
GetModuleHandleExA
LoadLibraryExA
GetThreadLocale
VerifyVersionInfoA
ExpandEnvironmentStringsA
CreateIoCompletionPort
SetHandleInformation
FormatMessageW
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentThreadId
ExitProcess
SetThreadPriority
CreateMutexA
ReleaseMutex
GetModuleHandleW
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
RaiseException
HeapQueryInformation
SleepEx
SetDllDirectoryW
CreateDirectoryW
WaitForSingleObject
WideCharToMultiByte
LoadLibraryA
SetEvent
IsDebuggerPresent
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualProtect
DeleteFileW
CopyFileW
GetStartupInfoA
LoadLibraryW
GetProcAddress
FreeLibrary
CreateEventA
CloseHandle
Sleep
SetLastError
GetLastError
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalMemoryStatus

user32

GetAsyncKeyState
ClientToScreen
RegisterRawInputDevices
GetMessageTime
MapVirtualKeyExA
GetMessagePos
GetRawInputData
GetKeyNameTextW
LoadKeyboardLayoutA
GetRawInputDeviceInfoW
GetRawInputDeviceList
wvsprintfA
GetWindowLongPtrW
SetWindowLongPtrW
PostQuitMessage
GetMonitorInfoA
SetFocus
GetFocus
ShowCursor
SetWindowTextW
GetDlgItem
IsDlgButtonChecked
CopyImage
SetWindowLongPtrA
KillTimer
GetMessageA
PeekMessageA
SetWindowPos
SetCursorPos
ClipCursor
SystemParametersInfoW
RegisterDeviceNotificationW
GetMessageExtraInfo
PtInRect
DispatchMessageA
UnregisterDeviceNotification
SendMessageTimeoutA
IsIconic
wsprintfA
DestroyIcon
MonitorFromWindow
LoadCursorA
SetCursor
GetSystemMetrics
GetDC
ReleaseDC
CreateIconIndirect
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetCursorPos
WindowFromPoint
IsWindowVisible
GetCaretBlinkTime
EnumDisplaySettingsA
MessageBoxW
UpdateWindow
GetKeyState
LoadImageW
DialogBoxParamA
EndDialog
SetForegroundWindow
ScreenToClient
CheckDlgButton
GetAncestor
CreateDialogParamW
ReleaseCapture
SetCapture
RegisterClassExW
DialogBoxParamW
LoadIconA
SendDlgItemMessageW
SetDlgItemTextA
SetDlgItemTextW
MessageBoxA
CopyRect
OffsetRect
GetDesktopWindow
AdjustWindowRectEx
GetWindowPlacement
GetWindowRect
SendMessageA
UnregisterClassW
PeekMessageW
DestroyWindow
GetProcessWindowStation
GetUserObjectInformationW
DefWindowProcW
RegisterClassW
CreateWindowExW
EnumDisplayMonitors
EnumDisplayDevicesA
GetClientRect
EnableWindow
SetTimer
ShowWindow
GetParent
ValidateRect
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
IsDialogMessageW
SetWindowLongA
ChangeDisplaySettingsA
CreateDialogParamA
GetWindowLongPtrA
GetWindowLongA
GetThreadDesktop
GetUserObjectInformationA
EnumWindows
DestroyCursor
RegisterWindowMessageA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

ole32

PropVariantClear
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
StringFromGUID2
CoInitialize

shlwapi

PathCanonicalizeW
PathFileExistsW
SHDeleteKeyW

advapi32

RegCloseKey
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptImportKey
CryptVerifySignatureA
CryptDestroyKey
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetUserNameA
RegOpenKeyExW
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW

gdi32

SetPixelFormat
SwapBuffers
GetDeviceCaps
GetObjectA
DeleteObject
CreateBitmap
CreateDIBSection
ChoosePixelFormat

shell32

SHFileOperationW
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW

opengl32

wglGetCurrentDC
wglGetCurrentContext
wglCreateContext
wglMakeCurrent
wglDeleteContext
wglGetProcAddress

winmm

waveOutGetNumDevs
waveOutGetDevCapsA
waveOutGetDevCapsW
timeEndPeriod
timeBeginPeriod
timeGetTime
waveOutClose
waveOutOpen
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetDevCapsA
waveInGetDevCapsW
waveInStart
waveInOpen
waveInClose
waveInReset
waveOutPrepareHeader
waveInGetNumDevs

ws2_32

WSACloseEvent
WSAEventSelect
WSACreateEvent
getsockopt
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAWaitForMultipleEvents
setsockopt
ioctlsocket
closesocket
WSACleanup
ntohl
htonl
ntohs
htons
WSAResetEvent
WSAEnumNetworkEvents
WSASetEvent
getpeername
getprotobyname
recv
gethostbyname
shutdown
listen
accept
WSARecvFrom
WSAIoctl
getnameinfo
getaddrinfo
recvfrom
sendto
send
gethostname
socket
connect
bind
inet_addr
WSAStartup
select
__WSAFDIsSet
inet_ntoa
getsockname
freeaddrinfo
WSASocketA
WSASetLastError
WSAGetLastError

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantChangeType
VariantInit

imm32

ImmReleaseContext
ImmSetOpenStatus
ImmGetCompositionStringW
ImmGetConversionStatus
ImmAssociateContextEx
ImmAssociateContext
ImmGetContext
ImmSetCompositionStringW

dnsapi

DnsQuery_A
DnsFree

iphlpapi

GetIpAddrTable

winhttp

WinHttpGetIEProxyConfigForCurrentUser

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 16.7MB - Virtual size: 16.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 620KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 871KB - Virtual size: 870KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a2bf64b6b6a36106c095e537a7cb55d1

Headers

DLL Characteristics

File Characteristics

Imports

hid

kernel32

user32

version

ole32

shlwapi

advapi32

gdi32

shell32

opengl32

winmm

ws2_32

oleaut32

imm32

dnsapi

iphlpapi

winhttp

Exports

Exports

Sections

.text Size: 16.7MB - Virtual size: 16.7MB

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 620KB - Virtual size: 1.5MB

.pdata Size: 871KB - Virtual size: 870KB

.rodata Size: 3KB - Virtual size: 2KB

text Size: 13KB - Virtual size: 12KB

data Size: 32KB - Virtual size: 32KB

.trace Size: 2KB - Virtual size: 2KB

.data1 Size: 512B - Virtual size: 64B

_RDATA Size: 4KB - Virtual size: 4KB

.rsrc Size: 554KB - Virtual size: 553KB

.reloc Size: 170KB - Virtual size: 169KB

.text
Size: 16.7MB - Virtual size: 16.7MB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 620KB - Virtual size: 1.5MB

.pdata
Size: 871KB - Virtual size: 870KB

.rodata
Size: 3KB - Virtual size: 2KB

text
Size: 13KB - Virtual size: 12KB

data
Size: 32KB - Virtual size: 32KB

.trace
Size: 2KB - Virtual size: 2KB

.data1
Size: 512B - Virtual size: 64B

_RDATA
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 554KB - Virtual size: 553KB

.reloc
Size: 170KB - Virtual size: 169KB