f42a201044931eee29a309600b72d456[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

f42a201044931eee29a309600b72d456.bin
Size

363KB
MD5

23a0e32a3296eabdc310805ee123d7ff
SHA1

f5caf65a2ce50315831e82e6d16f0b0d6d1be685
SHA256

4e18796a341e43148f91a62254d28bdc47dee39f62b8ab096eceaa8c7483778f
SHA512

686acf44708cde36d5a49d37ba1005c4ed75a883fa6a19b6123080ca7a9b20b56946bd9cbb7da0bb8dd4cc5764738e41852f0efb3e98481cd314b9c55a144143
SSDEEP

6144:3gjOucDURTl9+e2+qeNZwHUPDuZzlixW34wsYUu6mZ2d/FDuQyKJkUNwOpLNtNV+:3gSJ4B+M92UPy9lixwsu6mZ2dRuVKJkP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/55e5131f01e0b4db477326c27139ab59c61f33cceb5de503e874197d23d37ad0.bin

Files

f42a201044931eee29a309600b72d456.bin
.zip

Password: infected
55e5131f01e0b4db477326c27139ab59c61f33cceb5de503e874197d23d37ad0.bin
.exe windows x64

Password: infected

6d9c27ca5008bc63e9fbc102659734db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord17

shell32

ShellExecuteW
SHBrowseForFolderW
ShellExecuteExW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc

gdi32

CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
GetCurrentObject
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
GetObjectW

advapi32

FreeSid
AllocateAndInitializeSid
CheckTokenMembership

user32

GetSystemMenu
EnableMenuItem
EnableWindow
MessageBeep
LoadIconW
LoadImageW
SetWindowsHookExW
PtInRect
CallNextHookEx
DefWindowProcW
CallWindowProcW
DrawIconEx
DialogBoxIndirectParamW
GetWindow
ClientToScreen
GetDC
DrawTextW
SystemParametersInfoW
SetFocus
UnhookWindowsHookEx
GetWindowLongPtrW
SetWindowLongPtrW
GetSystemMetrics
GetClientRect
GetDlgItem
IsWindow
CreateWindowExA
MessageBoxA
DestroyWindow
GetSysColor
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
wsprintfA
GetClassNameA
GetWindowLongW
GetMenu
GetWindowDC
ReleaseDC
CopyImage
GetParent
ScreenToClient
CreateWindowExW
GetDesktopWindow
wvsprintfW
SetWindowPos
SetTimer
GetMessageW
DispatchMessageW
GetWindowRect
CharUpperW
SendMessageW
ShowWindow
BringWindowToTop
wsprintfW
MessageBoxW
EndDialog
SetWindowLongW
GetKeyState
KillTimer

ole32

CreateStreamOnHGlobal
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocStringLen
OleLoadPicture
SysAllocString

kernel32

ReadFile
SetFileTime
SetEndOfFile
VirtualAlloc
VirtualFree
GetFileInformationByHandle
WaitForMultipleObjects
SetFilePointer
GetFileSize
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FormatMessageW
lstrcpyW
LocalFree
IsBadReadPtr
GetSystemDirectoryW
GetCurrentThreadId
SuspendThread
TerminateThread
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
SetEnvironmentVariableW
GetDriveTypeW
CreateFileW
LoadLibraryA
SetThreadLocale
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareFileTime
WideCharToMultiByte
GetTempPathW
GetCurrentDirectoryW
GetEnvironmentVariableW
lstrcmpiW
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiA
GlobalAlloc
GlobalFree
MulDiv
FindResourceExA
SizeofResource
LoadResource
LockResource
GetProcAddress
GetModuleHandleW
FindFirstFileW
lstrcmpW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetStdHandle
WriteFile
lstrlenA
CreateDirectoryW
GetFileAttributesW
SetCurrentDirectoryW
GetLocalTime
SystemTimeToFileTime
CreateThread
GetExitCodeThread
Sleep
SetFileAttributesW
GetDiskFreeSpaceExW
SetLastError
GetCommandLineW
GetStartupInfoW
GetTickCount
lstrlenW
ExitProcess
lstrcatW
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetQueuedCompletionStatus
ResumeThread
SetInformationJobObject
CreateIoCompletionPort
AssignProcessToJobObject
CreateJobObjectW
GetLastError
CreateProcessW
GetStartupInfoA

msvcrt

free
__set_app_type
??3@YAXPEAX@Z
_purecall
??2@YAPEAX_K@Z
_wtol
__CxxFrameHandler
memset
memmove
memcpy
_wcsnicmp
memcmp
strncpy
wcsncpy
wcsncmp
strncmp
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
_beginthreadex
_CxxThrowException
wcsstr
_fmode
realloc
malloc
__dllonexit
_onexit
??1type_info@@UEAA@XZ
__C_specific_handler
_XcptFilter
_c_exit
_exit
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_commode
?terminate@@YAXXZ

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

6d9c27ca5008bc63e9fbc102659734db

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shell32

gdi32

advapi32

user32

ole32

oleaut32

kernel32

msvcrt

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 3KB - Virtual size: 20KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 88KB - Virtual size: 87KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 3KB - Virtual size: 20KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 88KB - Virtual size: 87KB

.reloc
Size: 2KB - Virtual size: 2KB