Static task: static1
Behavioral task: behavioral1
  Sample: 93e6e51d13facaf1e0c040c5be48d9eff2103cfc251331ab1165c66c3d07cca1.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 93e6e51d13facaf1e0c040c5be48d9eff2103cfc251331ab1165c66c3d07cca1.exe
  Resource: win10v2004-20230831-en
General
- Target: 6c5e12f6d2503bf13936f01eeac2b0bf.bin
- Size: 573KB
- MD5: dd60ff726ba2b8792a19a912e79a234b
- SHA1: c49360dfffc0380cf229ca87d50b23d381c8d26b
- SHA256: 51be721b2070f2837f28316ff45f0472dcb0e0486042f7a73ec33bf7d727ab42
- SHA512: ffc8b9f8456c3ff4e9b262c5a7433f8a59deae298eddbbf1499bebfe103cf01a8d23c54203f19daa2e76a309592233b7fbf4afeb61f903874e42a7de63c89501
- SSDEEP: 12288:yhd6dxsIM1C8LCZjyasv7LdPH9Pvuq42eG9zCQVTAi2rHd9T1THeftZP:yyvspJC9kvfdFPvvUG9zCQVE31SftZP
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource unpack001/93e6e51d13facaf1e0c040c5be48d9eff2103cfc251331ab1165c66c3d07cca1.bin
Files
- 6c5e12f6d2503bf13936f01eeac2b0bf.bin.zip (Password: infected)
- 93e6e51d13facaf1e0c040c5be48d9eff2103cfc251331ab1165c66c3d07cca1.bin.exe, windows x86 (Password: infected)
  34d53627de08f1a715ee342eeb02f737
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
setupapi
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
CM_Get_Parent
CM_Query_And_Remove_SubTreeW
kernel32
CreateThread
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetStartupInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
HeapCreate
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
InitializeCriticalSection
ExitThread
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
HeapFree
RtlUnwind
GetCurrentDirectoryA
SetErrorMode
GlobalFlags
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
LocalSize
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
DeleteCriticalSection
LeaveCriticalSection
GetVersionExA
GetVersion
lstrlenA
lstrlenW
GetCPInfo
MultiByteToWideChar
FreeResource
lstrcmpiA
SetLastError
GetLastError
GetProcAddress
LoadLibraryA
GetModuleHandleA
CloseHandle
WriteFile
SetFilePointer
CreateFileA
CreateDirectoryA
GetModuleFileNameA
GetTickCount
ReleaseMutex
Sleep
SetThreadPriority
GetCurrentThread
CreateProcessA
DeleteFileA
GetDriveTypeA
CopyFileA
GetSystemDirectoryA
GetLogicalDrives
MoveFileA
FreeLibrary
SetFileAttributesA
GetPrivateProfileStringA
EnterCriticalSection
WritePrivateProfileStringA
GetPrivateProfileIntA
FindResourceA
GetFileSize
GetFileAttributesA
TerminateProcess
WaitForSingleObject
TlsGetValue
LocalAlloc
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
GetFileTime
GetFileSizeEx
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
GetThreadLocale
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
GetModuleFileNameW
lstrcmpA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GlobalLock
GlobalUnlock
FormatMessageA
MulDiv
FindFirstFileA
FindNextFileA
FindClose
GetEnvironmentVariableA
GetFileAttributesExA
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
LocalFree
GetModuleHandleW
LCMapStringA
ExitProcess
GetOEMCP
CreateMutexA
GlobalAlloc
GlobalFree
QueryDosDeviceA
DeviceIoControl
user32
ReleaseCapture
LoadCursorA
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamA
EndDialog
CharUpperA
GetWindowThreadProcessId
GetMessageA
TranslateMessage
ValidateRect
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
GetCursorPos
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
SetScrollPos
GetScrollPos
IsWindowVisible
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
RegisterWindowMessageA
GetMenuItemInfoA
GetSysColor
SystemParametersInfoA
GetScrollInfo
SetScrollInfo
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
IsIconic
GetWindowPlacement
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
CheckMenuItem
SetWindowLongA
SetRectEmpty
PtInRect
IntersectRect
IsRectEmpty
UnregisterClassA
SetCapture
CharNextA
CopyAcceleratorTableA
InvalidateRgn
EndPaint
BeginPaint
GetWindowDC
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
GetTopWindow
DestroyIcon
DrawIconEx
DrawTextA
GetSystemMetrics
FillRect
GetSysColorBrush
SetRect
CopyRect
LoadBitmapA
DrawEdge
TabbedTextOutA
DrawTextExA
GrayStringA
CreateMenu
CreatePopupMenu
DeleteMenu
AppendMenuA
GetMenuItemCount
GetMenuItemID
GetMenuState
CopyIcon
GetDoubleClickTime
SetClassLongA
SetWindowRgn
SendMessageTimeoutA
DrawFrameControl
RegisterClassW
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
ScreenToClient
DestroyMenu
GetMenuStringA
RedrawWindow
IsWindow
GetDlgCtrlID
WaitForInputIdle
EnumThreadWindows
LoadIconA
SetForegroundWindow
GetSystemMenu
KillTimer
GetForegroundWindow
UnregisterHotKey
RegisterHotKey
FindWindowA
SetTimer
PostQuitMessage
LoadMenuA
EnableMenuItem
UpdateWindow
PeekMessageA
ShowWindow
MessageBoxA
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
SendMessageA
DrawFocusRect
DrawStateA
FrameRect
OffsetRect
InflateRect
LoadImageA
GetIconInfo
CreateIconIndirect
DefDlgProcA
DefFrameProcW
PostMessageA
SetCursor
DefFrameProcA
DefWindowProcW
IsMenu
DestroyCursor
EnableWindow
GetDesktopWindow
ReleaseDC
GetDC
ModifyMenuA
GetSubMenu
SetWindowLongW
GetWindowLongW
IsWindowUnicode
EnumWindows
EnableScrollBar
CallWindowProcW
gdi32
SaveDC
RestoreDC
SetBkMode
SetStretchBltMode
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SelectClipRgn
GetClipRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
DPtoLP
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreateRectRgnIndirect
CombineRgn
GetMapMode
GetCharWidthA
StretchDIBits
GetBkColor
GetTextColor
GetRgnBox
OffsetViewportOrgEx
CreateRectRgn
GetTextMetricsA
CreateFontA
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
Escape
GetTextExtentPoint32A
ExtTextOutA
TextOutA
SetPixel
GetPixel
PatBlt
Ellipse
RectVisible
PtVisible
GetBkMode
GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
CreateFontIndirectA
OffsetRgn
GetTextCharsetInfo
StretchBlt
SetBrushOrgEx
CreatePalette
CreateDIBitmap
Polygon
GetDIBits
CreatePen
CreateCompatibleDC
GetTextExtentPoint32W
DeleteDC
DeleteObject
CreateSolidBrush
BitBlt
CreateDIBSection
SelectObject
SetWindowExtEx
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegQueryValueA
RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegQueryInfoKeyA
shell32
ShellExecuteA
ShellExecuteExA
comctl32
ImageList_GetIconSize
_TrackMouseEvent
FlatSB_GetScrollProp
ImageList_GetBkColor
ImageList_GetImageInfo
ImageList_DrawIndirect
ImageList_Destroy
shlwapi
PathFileExistsA
StrStrIA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
oledlg
ord8
ole32
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleFlushClipboard
CLSIDFromProgID
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
CLSIDFromString
oleaut32
SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SystemTimeToVariantTime
SafeArrayDestroy
OleCreateFontIndirect
SysAllocString
VariantTimeToSystemTime
SysStringByteLen
ws2_32
ntohl
imagehlp
ImageDirectoryEntryToData
Sections
.text Size: 1009KB - Virtual size: 1009KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 213KB - Virtual size: 213KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ