432125ba904ca462647074a6dd183289[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

432125ba904ca462647074a6dd183289.bin
Size

1.3MB
MD5

9102b3a1745fc626b7e60cb8a9c5210d
SHA1

43795326ab95ab62cb8a12a3b02dafe933b09b77
SHA256

405542e894f12922c7f4d11080afc2eba23b08c127737768129fb1d182b5db5b
SHA512

ee20b3c1b5b56f5e25e8e35330d3e0d93438fed242b43526e1c01c4870f5392f244a6bf7a07e1ea5ccabdc717aa4aed46b8d2c6cb857dfcb51cb43ebf50fa35b
SSDEEP

24576:TmMoqAXqfASYAqOlttWVGSRkhW24Z0jxbFnaKaP6pked:T4n1ItWVdRkM2cGlA6pDd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/aea7e719729575ec3704496cec47c2484139fae981f1c5de64dbad2a5e4b5b38.dll

Files

432125ba904ca462647074a6dd183289.bin
.zip

Password: infected
aea7e719729575ec3704496cec47c2484139fae981f1c5de64dbad2a5e4b5b38.dll
.dll windows x86

Password: infected

b5b5ef199642bf11580f147378373599

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winspool.drv

AddJobW
SetJobW
EnumPrinterDriversW

ws2_32

select

winmm

mmioClose
waveInReset

opengl32

glVertex3f

kernel32

HeapAlloc
GetBinaryTypeA
PurgeComm
GetSystemTimeAsFileTime
UnregisterWait
GetModuleFileNameA
GetVolumeInformationW
Process32FirstW
GetStartupInfoW
GetProcessHeap
SetInformationJobObject
GetModuleHandleA
GetUserDefaultLCID

ole32

OleUninitialize
CoGetStandardMarshal
OleSetMenuDescriptor

clusapi

ClusterRegEnumValue

advapi32

QueryServiceStatus
RegCloseKey
CopySid
OpenThreadToken
CryptHashSessionKey
AddAccessDeniedObjectAce
GetOldestEventLogRecord
RegisterServiceCtrlHandlerExA
QueryServiceConfigA
GetNumberOfEventLogRecords

rpcrt4

UuidIsNil
NdrStubCall2
RpcServerListen
RpcStringFreeA
NdrUserMarshalUnmarshall

oleaut32

VarI2FromR4
VarUdateFromDate
SafeArrayCreate
VarBstrFromI4
GetRecordInfoFromGuids

avifil32

AVIStreamReadFormat

user32

MapDialogRect
SetScrollInfo
GetUpdateRgn
SetRect
PaintDesktop
OpenIcon
GetKeyState
DestroyCursor

shlwapi

StrChrIW
StrCatChainW
StrChrW
StrChrIA

setupapi

SetupPromptForDiskW
CM_Get_DevNode_Custom_PropertyW
CM_Disable_DevNode
SetupDiOpenDeviceInterfaceA
CM_Get_Hardware_Profile_Info_ExW
SetupInitDefaultQueueCallbackEx

gdi32

GetBitmapDimensionEx
PatBlt
GetCurrentObject
SetDIBitsToDevice

shell32

ShellAboutA

esent

JetSetIndexRange
JetGotoBookmark

winscard

SCardTransmit

wininet

InternetQueryDataAvailable
InternetAutodial

Exports

Exports

TponfKheem

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

=
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nt6+yj.p
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r8CY
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

b5b5ef199642bf11580f147378373599

Headers

File Characteristics

Imports

winspool.drv

ws2_32

winmm

opengl32

kernel32

ole32

clusapi

advapi32

rpcrt4

oleaut32

avifil32

user32

shlwapi

setupapi

gdi32

shell32

esent

winscard

wininet

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 60KB - Virtual size: 61KB

CODE Size: 20KB - Virtual size: 16KB

= Size: 24KB - Virtual size: 20KB

nt6+yj.p Size: 8KB - Virtual size: 6KB

r8CY Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 60KB - Virtual size: 61KB

CODE
Size: 20KB - Virtual size: 16KB

=
Size: 24KB - Virtual size: 20KB

nt6+yj.p
Size: 8KB - Virtual size: 6KB

r8CY
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 22KB