f5f57e2badbbdad7755f938ca4723eb5[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

f5f57e2badbbdad7755f938ca4723eb5.bin
Size

513KB
MD5

797d70c748aa9ef4fd34e41d4e4807ed
SHA1

5328e123aa32c5f8c78e368c8e92d42558226e3d
SHA256

6d81dedb920589c6f943fd4a2968f9496ce5c3570a3e057d7e7ff0bc6901ecf5
SHA512

47189ecfdd408901d6a8640aa5332928c95480acfac2ab63459a52ad7341a4d546fa984bb21b5c051b679ce07e9a56c1a4955e2375b7e59539b5a0ea7e0ec34b
SSDEEP

12288:6EVHQOMpaNqRQ6mtlSD9dmXPSHEe0qJJvkS15GoFq36PH:6OHkpa4i6mto5o/8BdJJcMFF1P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/75a519f9246df8e59607b533fb3e7ffe658a2246c2c19ac82cc9691cf1c8542a.bin

Files

f5f57e2badbbdad7755f938ca4723eb5.bin
.zip

Password: infected
75a519f9246df8e59607b533fb3e7ffe658a2246c2c19ac82cc9691cf1c8542a.bin
.exe windows:5 windows x86

Password: infected

cbddc0bea6e7f159db334a3154cbf34e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

nw_elf

SignalChromeElf

rpcrt4

UuidCreate

advapi32

ImpersonateNamedPipeClient
GetSecurityInfo
SetEntriesInAclW
SetThreadToken
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW
CreateProcessAsUserW
SystemFunction036
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorSacl
SetKernelObjectSecurity
SetTokenInformation
SetSecurityInfo
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
RegDisablePredefinedCache
CopySid
CreateWellKnownSid
CreateRestrictedToken
DuplicateToken
DuplicateTokenEx
EqualSid
LookupPrivilegeValueW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime

user32

GetProcessWindowStation
GetUserObjectInformationW
CreateWindowStationW
SetProcessWindowStation
PeekMessageW
PostThreadMessageW
GetThreadDesktop
CreateDesktopW
CloseWindowStation
CloseDesktop

kernel32

GetProcessHeap
SetStdHandle
GetFullPathNameW
ExitProcess
GetConsoleMode
GetConsoleCP
RtlUnwind
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringW
EncodePointer
LoadLibraryExA
VirtualProtect
GetDriveTypeW
PeekNamedPipe
GetACP
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
ReadConsoleW
GetOEMCP
HeapSize
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
ConnectNamedPipe
DisconnectNamedPipe
SuspendThread
GetSystemDefaultLCID
IsValidCodePage
MapViewOfFile
SearchPathW
GetThreadId
DebugBreak
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
GetLastError
SetLastError
CreateEventW
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetProcessId
SetCurrentDirectoryW
GetCurrentDirectoryW
SetProcessShutdownParameters
LoadLibraryExW
GetCurrentProcessId
GetModuleHandleW
VirtualAlloc
VirtualFree
GetFileInformationByHandle
GetExitCodeProcess
CompareStringW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetFileAttributesW
GetTempPathW
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLangID
WriteFile
CreateFileW
DeleteFileW
CloseHandle
FormatMessageA
GetTickCount
SetThreadPriority
Sleep
FileTimeToSystemTime
GetCurrentThread
QueryPerformanceFrequency
GetThreadPriority
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
LocalFree
TerminateProcess
OpenProcess
IsDebuggerPresent
GetProcessTimes
CreateThread
GetVersionExW
GetNativeSystemInfo
ReadFile
QueryDosDeviceW
GetLongPathNameW
UnmapViewOfFile
CreateFileMappingW
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
lstrlenW
LoadLibraryW
SetInformationJobObject
SetHandleInformation
GetStdHandle
AssignProcessToJobObject
CreatePipe
ResumeThread
CreateProcessW
GetUserDefaultUILanguage
GetLocaleInfoW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemDirectoryW
GetWindowsDirectoryW
RegisterWaitForSingleObject
UnregisterWaitEx
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
GetModuleHandleExW
FindFirstFileExW
FindNextFileW
FindClose
VirtualQuery
SetEvent
ResetEvent
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
CreateRemoteThread
HeapAlloc
HeapReAlloc
HeapFree
GetTimeZoneInformation
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetThreadLocale
ReleaseSemaphore
CreateSemaphoreW
LockFileEx
UnlockFileEx
GetFileType
SleepEx
GetVersion
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
GetSystemInfo
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
HeapSetInformation
TerminateJobObject
GetUserDefaultLCID
GetThreadContext
ProcessIdToSessionId
GetProcessHandleCount
SignalObjectAndWait
CreateMutexW
VirtualFreeEx
CreateJobObjectW
CreateNamedPipeW

winhttp

WinHttpOpen
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpReadData
WinHttpConnect

Exports

Exports

ClearCrashKeyValueImpl
CrashForException
DumpProcessWithoutCrash
GetHandleVerifier
GetUploadedReportsImpl
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
IsSandboxedProcess
SetCrashKeyValueImpl

Sections

.text
Size: 616KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

cbddc0bea6e7f159db334a3154cbf34e

Headers

DLL Characteristics

File Characteristics

Imports

nw_elf

rpcrt4

advapi32

version

winmm

user32

kernel32

winhttp

Exports

Exports

Sections

.text Size: 616KB - Virtual size: 616KB

.rdata Size: 289KB - Virtual size: 288KB

.data Size: 4KB - Virtual size: 27KB

CPADinfo Size: 512B - Virtual size: 36B

.gfids Size: 1024B - Virtual size: 820B

.tls Size: 512B - Virtual size: 2B

_RDATA Size: 512B - Virtual size: 288B

.rsrc Size: 291KB - Virtual size: 290KB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 616KB - Virtual size: 616KB

.rdata
Size: 289KB - Virtual size: 288KB

.data
Size: 4KB - Virtual size: 27KB

CPADinfo
Size: 512B - Virtual size: 36B

.gfids
Size: 1024B - Virtual size: 820B

.tls
Size: 512B - Virtual size: 2B

_RDATA
Size: 512B - Virtual size: 288B

.rsrc
Size: 291KB - Virtual size: 290KB

.reloc
Size: 26KB - Virtual size: 26KB