c0516b485065fabdd69579816b5df763[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

c0516b485065fabdd69579816b5df763.bin
Size

2.5MB
MD5

353ff1a3b78ed2d8fad52d42338cfc7f
SHA1

84da613b2afe1d6ef3a8a83162e7abc6067b56af
SHA256

814606c530d0568ae6366327ce45d70e08815cba2a32bb06c63dbc5b490cac85
SHA512

5eff72f0aa65210d813619fc6606a3730918a7f8370436b9bde98d2542139d32ef5290231f833ea8f44f898f92a91989ccde69a632810bd030f0b5b544f39ace
SSDEEP

49152:lhJhODwjR+3pvTvTmUhJwS6gRQsGxVYIVeHeZFoMSkoWHavb9VACy6UM:TJED06VvTXvwSnMxGQ+KFo8oW6D9VjoM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/80774c2e5d619b4f120b48d4462896fd504c263399d203a238769cffde1d253c.bin

Files

c0516b485065fabdd69579816b5df763.bin
.zip

Password: infected
80774c2e5d619b4f120b48d4462896fd504c263399d203a238769cffde1d253c.bin
.exe windows x86

Password: infected

c08ad863d5294c684e8689c881780e5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPriorityClass
GetCurrentThread
GetCurrentProcess
GetLongPathNameA
SetErrorMode
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateDirectoryA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
GetTickCount
IsDebuggerPresent
RemoveDirectoryA
GetFullPathNameA
SetCurrentDirectoryA
GetDiskFreeSpaceA
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
GetThreadPriority
GetProcessAffinityMask
SetPriorityClass
SetThreadPriority
SetProcessAffinityMask
Sleep
GetVersionExA
GetLogicalDrives
GetDriveTypeA
GlobalMemoryStatusEx
ResumeThread
SuspendThread
DeleteFileA
MultiByteToWideChar
FindFirstFileA
FindNextFileA
FindClose
FatalAppExitA
DebugBreak
SetupComm
SetCommTimeouts
GetCommConfig
SetCommConfig
GetCommState
SetCommState
PurgeComm
WaitForMultipleObjects
SetCommMask
GetOverlappedResult
WaitCommEvent
GetProcessHeap
QueueUserAPC
SetThreadAffinityMask
ReleaseSemaphore
CreateSemaphoreA
ReleaseMutex
CreateMutexA
CreateThread
GlobalFree
GlobalAlloc
GetDiskFreeSpaceExA
GetFileSize
MoveFileA
GetCurrentDirectoryA
ResetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
CreateProcessA
GetLastError
IsBadReadPtr
OutputDebugStringA
CreateEventA
SetEvent
CreateWaitableTimerA
GetSystemTime
GetCommandLineA
RtlUnwind
RaiseException
IsBadWritePtr
HeapValidate
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
ExitProcess
GetTimeZoneInformation
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
SetLastError
HeapDestroy
HeapCreate
HeapFree
VirtualFree
WriteFile
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
HeapAlloc
HeapReAlloc
VirtualAlloc
GetCPInfo
CompareStringA
CompareStringW
ReadFile
SetConsoleCtrlHandler
GetACP
GetOEMCP
InitializeCriticalSection
VirtualQuery
InterlockedExchange
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
VirtualProtect
GetSystemInfo
SetFilePointer
GetCurrentProcessId
FlushFileBuffers
SetStdHandle
CreateFileA
SetEndOfFile
GetLocaleInfoW
SetEnvironmentVariableA
DuplicateHandle
TerminateThread
SleepEx
GetExitCodeThread
SetWaitableTimer
WaitForSingleObject
SystemTimeToFileTime

d3d9

Direct3DCreate9

d3dx9_26

D3DXMatrixMultiply
D3DXVec4Transform
D3DXVec3Transform
D3DXMatrixInverse
D3DXCreateEffectFromResourceA
D3DXCreateEffectPool
D3DXMatrixOrthoLH
D3DXMatrixPerspectiveLH
D3DXMatrixTranslation
D3DXVec3TransformCoordArray
D3DXVec3Normalize
D3DXVec3TransformNormal
D3DXMatrixTranspose

dinput8

DirectInput8Create

user32

SetWindowPos
SetWindowLongA
BeginPaint
EndPaint
PostMessageA
IsIconic
PostQuitMessage
SetCapture
ReleaseCapture
DefWindowProcA
wvsprintfA
GetCursorPos
PeekMessageA
ShowCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
MapVirtualKeyExA
GetKeyboardLayout
GetDesktopWindow
GetForegroundWindow
wsprintfA
PostThreadMessageA
SendInput
LoadIconA
LoadCursorA
RegisterClassExA
GetWindowRect
GetClientRect
MapVirtualKeyA
ToUnicode
MessageBoxA
AdjustWindowRect
CreateWindowExA
UpdateWindow
SetCursor
SetFocus
SetForegroundWindow
ShowWindow
DestroyWindow

advapi32

RegCreateKeyA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyA

shfolder

SHGetFolderPathA

shell32

ShellExecuteA

dsound

ord6
ord1

winmm

waveOutGetDevCapsA
waveOutGetNumDevs
waveOutWrite
waveOutGetPosition
waveOutSetVolume
waveInStart
waveInAddBuffer
waveInGetPosition
timeEndPeriod
timeGetTime
timeBeginPeriod
waveOutReset
waveOutOpen
waveOutClose
waveInStop
waveInGetNumDevs
waveInGetDevCapsA
waveInReset
waveInOpen
waveInClose
waveInUnprepareHeader
waveOutUnprepareHeader
waveInPrepareHeader
waveOutPrepareHeader

gdi32

ExtTextOutA
BitBlt
GetPixel
DeleteObject
DeleteDC
SetBkMode
SetBkColor
SetTextColor
CreateFontA
CreateBitmap
SelectObject
CreateCompatibleDC

tapi32

lineGetDevCaps
lineShutdown
lineInitialize
lineAnswer
lineMakeCall
lineGetID
lineClose
lineNegotiateAPIVersion
lineOpen

netapi32

Netbios

ws2_32

shutdown
WSASetEvent
bind
connect
listen
accept
sendto
send
recv
recvfrom
select
getpeername
getsockname
gethostbyname
gethostname
WSAIoctl
WSACleanup
getsockopt
WSAGetLastError
WSACreateEvent
setsockopt
socket
WSACloseEvent
ioctlsocket
WSARecv
WSARecvFrom
closesocket
WSAStartup
WSAGetOverlappedResult
WSAWaitForMultipleEvents
WSAResetEvent

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 883KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 452KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

c08ad863d5294c684e8689c881780e5c

Headers

File Characteristics

Imports

kernel32

d3d9

d3dx9_26

dinput8

user32

advapi32

shfolder

shell32

dsound

winmm

gdi32

tapi32

netapi32

ws2_32

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 360KB - Virtual size: 357KB

.data Size: 144KB - Virtual size: 883KB

.rsrc Size: 452KB - Virtual size: 449KB

Size: 260KB - Virtual size: 259KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 360KB - Virtual size: 357KB

.data
Size: 144KB - Virtual size: 883KB

.rsrc
Size: 452KB - Virtual size: 449KB