1de0fdce0cba4f6ee6d34192b8a52c23[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

1de0fdce0cba4f6ee6d34192b8a52c23.bin
Size

2.8MB
MD5

209d4f1745d375af8b7aa18ba4a7aacd
SHA1

1bed76af85eecbdd6bbb1b4507ce0374d770b2c6
SHA256

d67b29065776c008b97061d504878358fb3cc1570e1e13d010237015b22c5046
SHA512

90a846b8992c1d28ccab29448c202e3cf416d2f3dde2e93c05ef323487713b128a220083eaef53ed575b805ee3c5f6a2ff9fff0ec848844440024cc78139cee9
SSDEEP

49152:tu/R8qkhfyC0S+AjJJrbXBuWh+msk5sPolJuUMWLtbC11TvJEQukP0UxXlJj:kIhfSS+MJJrbQmN5s2M11TRwk8UxT

Score

1^/10

Malware Config

Signatures

Files

1de0fdce0cba4f6ee6d34192b8a52c23.bin
.zip

Password: infected
730ad0e4ad032ebabab5e5a37f8b5a9bd8efa88b2dbb3f54fe6126bd75097043.bin
.exe windows:5 windows x86

Password: infected

085102782da116d57d7fd861ecacbd67

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:ec:9b:fe:7d:cd:02:84:db:79:d2:d8:5b:e6:94:cf
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17-10-2018 00:00

Not After

16-10-2021 23:59

Subject

CN=TMRG\, Inc.,O=TMRG\, Inc.,POSTALCODE=20190,STREET=Suite 600+STREET=11950 Democracy Drive,L=Reston,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostname
WSAGetLastError
WSAStartup
WSACleanup
WSASetLastError
gethostbyname
inet_addr
getservbyname
ntohl
socket
setsockopt
closesocket
htons
bind
recvfrom
ntohs
send
connect
ioctlsocket
shutdown
listen
accept
getsockname
getsockopt
getpeername
sendto
inet_ntoa
htonl
recv
__WSAFDIsSet
select

wininet

InternetOpenW
InternetGetConnectedState
InternetQueryOptionA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
InternetConnectW
InternetConnectA
HttpOpenRequestA
HttpOpenRequestW
HttpQueryInfoA
InternetSetOptionA
InternetCheckConnectionA
DeleteUrlCacheEntry
RetrieveUrlCacheEntryStreamA
ReadUrlCacheEntryStream
UnlockUrlCacheEntryStream
CreateUrlCacheEntryA
CommitUrlCacheEntryA
HttpSendRequestA

comctl32

ImageList_LoadImageA

rpcrt4

UuidCompare
UuidCreate

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

mixerGetNumDevs
auxGetNumDevs
joyGetNumDevs
midiOutGetNumDevs
midiInGetNumDevs
waveOutGetNumDevs
waveInGetNumDevs

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
GetIpForwardTable
GetNetworkParams

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDeviceInfoA
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsA

ws2_32

WSAEventSelect
WSACreateEvent
WSAWaitForMultipleEvents
WSACloseEvent
WSAEnumNetworkEvents
WSAAddressToStringA
getaddrinfo
freeaddrinfo
WSAIoctl
getnameinfo
WSAStringToAddressA

oleacc

AccessibleObjectFromPoint

dnsapi

DnsQuery_A
DnsRecordListFree

dbghelp

MiniDumpWriteDump

psapi

EnumProcessModules
GetModuleFileNameExA

crypt32

CertFreeCertificateChain
CertGetNameStringA
CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore

wldap32

ord32
ord35
ord79
ord33
ord200
ord27
ord41
ord46
ord60
ord30
ord26
ord50
ord143
ord217
ord211
ord22
ord301

kernel32

TlsSetValue
TlsGetValue
GetTickCount
CloseHandle
GetShortPathNameA
GetEnvironmentVariableA
CreateProcessA
GetCurrentProcessId
QueryPerformanceCounter
CreateFileA
WriteFile
GetLastError
SetEvent
CreateEventA
WaitForMultipleObjects
LocalAlloc
LocalFree
lstrlenA
GetProcAddress
FreeLibrary
GetFileSize
ReadFile
LoadLibraryA
GetCurrentThreadId
DeleteFileA
FormatMessageA
GetSystemTimeAsFileTime
SetFilePointer
OpenProcess
WaitForSingleObject
GetFileAttributesA
Sleep
GetTempPathA
GetTempFileNameA
CreateDirectoryA
CopyFileA
RemoveDirectoryA
GetStartupInfoA
OpenMutexA
GetVersionExA
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
TerminateProcess
InterlockedDecrement
CreateToolhelp32Snapshot
Process32First
Process32Next
InterlockedIncrement
CreateMutexA
ReleaseMutex
GetCurrentProcess
GetCurrentThread
SetLastError
GetSystemInfo
GetComputerNameA
IsBadReadPtr
GlobalMemoryStatus
InitializeCriticalSectionAndSpinCount
ResumeThread
CreateFileMappingA
CreateSemaphoreA
OpenEventA
DuplicateHandle
InterlockedCompareExchange
HeapAlloc
HeapFree
WriteConsoleW
IsDebuggerPresent
ReleaseSemaphore
GetThreadTimes
GetProcessTimes
Thread32First
OpenThread
Thread32Next
SetUnhandledExceptionFilter
ExitProcess
InterlockedExchange
InterlockedExchangeAdd
TlsAlloc
TlsFree
GlobalAlloc
GlobalFree
WriteProcessMemory
GlobalLock
GlobalUnlock
CreateRemoteThread
GetDriveTypeA
GetModuleFileNameA
SetThreadPriority
FindFirstFileA
SetFileTime
FindNextFileA
FindClose
CompareFileTime
GetLogicalDriveStringsA
GetExitCodeProcess
MoveFileExA
GetWindowsDirectoryA
WritePrivateProfileStringA
FindResourceA
SizeofResource
LoadResource
LockResource
GetUserDefaultLangID
GetLocalTime
GetCommandLineA
RemoveDirectoryW
GetACP
MulDiv
MapViewOfFile
UnmapViewOfFile
FindResourceExA
SetConsoleCtrlHandler
GetTimeZoneInformation
GetSystemDefaultLCID
ResetEvent
SetEndOfFile
GlobalMemoryStatusEx
GetSystemDefaultLangID
VirtualAllocEx
GetExitCodeThread
VirtualFreeEx
GetSystemDirectoryA
SetFileAttributesA
InitializeSListHead
InterlockedPopEntrySList
GetSystemTime
ReadProcessMemory
Module32First
GetFullPathNameW
GetFullPathNameA
UnlockFile
LockFile
UnlockFileEx
LoadLibraryW
FormatMessageW
GetFileAttributesW
CreateFileW
FlushFileBuffers
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteFileW
AreFileApisANSI
GetCurrentDirectoryA
SuspendThread
GetThreadContext
OutputDebugStringA
CreateDirectoryW
RaiseException
FlushInstructionCache
lstrcmpA
TerminateThread
GetLongPathNameA
GetLogicalDrives
GetUserDefaultLCID
GetPrivateProfileStringA
lstrcmpiA
FileTimeToSystemTime
SystemTimeToFileTime
OpenFileMappingA
InterlockedPushEntrySList
VerifyVersionInfoA
VerSetConditionMask
SleepEx
PeekNamedPipe
GetFileType
GetStdHandle
RtlUnwind
GetConsoleCP
GetConsoleMode
ExitThread
CreateThread
VirtualProtect
VirtualQuery
FileTimeToLocalFileTime
GetFileInformationByHandle
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
GetStringTypeW
SetHandleCount
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
GetLocaleInfoW
SetEnvironmentVariableA
IsProcessorFeaturePresent
HeapSize
GetStringTypeExA
HeapReAlloc
HeapDestroy
GetLocaleInfoA
GetModuleHandleW
LocalFileTimeToFileTime
GetFileTime
DosDateTimeToFileTime
lstrcpyA
GetTimeFormatA
GetDateFormatA
GetOEMCP
IsValidCodePage
WriteConsoleA
MoveFileA
GetEnvironmentVariableW
ReadConsoleA
ReadConsoleW
SetConsoleMode
SwitchToFiber
CreateFiber
DeleteFiber
HeapCreate
GetModuleHandleExW
ConvertFiberToThread
CreatePipe
GetModuleFileNameW
ConvertThreadToFiber
LoadLibraryExA
GetConsoleOutputCP
FindFirstFileW
FindNextFileW
DebugBreak
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetVersion
GetProcessHeap

user32

InsertMenuItemW
MessageBoxW
CreatePopupMenu
LoadImageA
TrackPopupMenu
GetCursorPos
DestroyMenu
DestroyIcon
FindWindowA
SetWindowTextA
UpdateWindow
DestroyWindow
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
IsDialogMessageA
TranslateAcceleratorA
LoadAcceleratorsA
ShowWindow
RegisterWindowMessageA
CallWindowProcA
DefWindowProcA
GetMenu
CheckMenuItem
SetForegroundWindow
SetFocus
SetActiveWindow
MoveWindow
PostQuitMessage
GetWindow
SetWindowLongA
GetWindowLongA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetDesktopWindow
GetClientRect
SetTimer
KillTimer
UpdateLayeredWindow
GetDC
LoadIconA
TranslateMessage
GetForegroundWindow
EnumWindows
GetWindowRect
IsWindow
GetWindowThreadProcessId
PostThreadMessageA
DispatchMessageA
GetMessageA
CharLowerBuffA
MessageBoxA
wsprintfA
UnhookWindowsHookEx
SetWindowsHookExA
InvalidateRect
EnableWindow
MsgWaitForMultipleObjectsEx
IsChild
GetParent
GetClassNameA
GetSysColor
DestroyAcceleratorTable
GetFocus
FillRect
CreateAcceleratorTableA
UnregisterDeviceNotification
RegisterDeviceNotificationA
EndDialog
SetDlgItemInt
SetDlgItemTextA
CreateDialogParamA
RemoveMenu
GetSubMenu
LoadMenuA
FlashWindowEx
SetClassLongA
GetSystemMetrics
SystemParametersInfoA
DrawTextA
ReleaseDC
GetDlgItem
IsWindowEnabled
IsWindowVisible
CharNextA
GetWindowTextA
GetWindowTextLengthA
SetWindowPos
ClientToScreen
ScreenToClient
BeginPaint
EndPaint
InvalidateRgn
RedrawWindow
ExitWindowsEx
UnregisterClassA
RegisterClassA
EnumChildWindows
LoadStringA
SetCapture
GetUserObjectInformationW
GetProcessWindowStation
CallNextHookEx
GetClassInfoExA
SendMessageA
ReleaseCapture

gdi32

GetObjectA
CreateSolidBrush
GetDIBits
BitBlt
CreateCompatibleBitmap
SetTextColor
SetBkMode
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
CreateFontA

winspool.drv

EnumPrintersA

comdlg32

FindTextA
GetSaveFileNameA

advapi32

GetAclInformation
AddAce
RegEnumKeyA
RegNotifyChangeKeyValue
AddAccessAllowedAce
RegOpenKeyA
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
CryptDestroyKey
CryptGetUserKey
CryptGetProvParam
CryptEnumProvidersW
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeleteService
SetFileSecurityA
SetTokenInformation
RegSetKeySecurity
RegQueryInfoKeyA
SetSecurityInfo
GetTokenInformation
ConvertSidToStringSidA
CheckTokenMembership
CreateProcessAsUserA
DuplicateTokenEx
RegCreateKeyA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeAcl
MakeSelfRelativeSD
RegCreateKeyExA
RegDeleteKeyA
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
QueryServiceStatus
ControlService
OpenServiceA
CloseServiceHandle
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
GetLengthSid
IsValidSid
RegDeleteValueA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegEnumValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
RegQueryValueExA
RegSetValueExA
OpenSCManagerA
GetSecurityDescriptorOwner

shell32

ShellExecuteA
SHGetFolderPathA
ShellExecuteW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
Shell_NotifyIconA

ole32

OleInitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CoInitializeEx
OleUninitialize
CreateStreamOnHGlobal
CoCreateGuid
StringFromGUID2
OleRun
CoSetProxyBlanket
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree

oleaut32

OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
VariantChangeType
VariantClear
VariantInit
VarBstrCat
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString
SysAllocStringLen
DispGetParam

shlwapi

SHCopyKeyA

userenv

GetProfilesDirectoryA

Exports

Exports

??0CNGCTraceProxy@@QAE@ABV0@@Z
??0CNGCTraceProxy@@QAE@XZ
??4CNGCTraceProxy@@QAEAAV0@ABV0@@Z
??_7CNGCTraceProxy@@6B@

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

085102782da116d57d7fd861ecacbd67

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

36:ec:9b:fe:7d:cd:02:84:db:79:d2:d8:5b:e6:94:cfCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

wininet

comctl32

rpcrt4

version

winmm

iphlpapi

setupapi

ws2_32

oleacc

dnsapi

dbghelp

psapi

crypt32

wldap32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

Exports

Exports

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 81KB - Virtual size: 259KB

.rsrc Size: 38KB - Virtual size: 37KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

36:ec:9b:fe:7d:cd:02:84:db:79:d2:d8:5b:e6:94:cf
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 81KB - Virtual size: 259KB

.rsrc
Size: 38KB - Virtual size: 37KB