0d01312113f384269b563141f330c83f[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

0d01312113f384269b563141f330c83f.bin
Size

3.8MB
MD5

3134867857a8b6b845641afdf3350fac
SHA1

eaad072470132e22cb51b70346ee95c69f589068
SHA256

558b7de8d72ac9f3162d24facf3701b1c0ef10fcf8beca1a0b8de621445c17a4
SHA512

8b11e7139628a545a2e290dc762e4902424cc48b8c270a77936b65c63c0e87bcb951c597d3eb2028add9b10b82dc1602cee355f894f43fd7ebfed9a9f82a51b2
SSDEEP

98304:rr+Teb4YdPohO9AXqQs5aW3h447yY7CXQR8fSpWj0d4U:XSC4YdohO9A6Qs5bM40SA0d4U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b0d53fb5bcbe071cf9748f93a13a9067c52615f7257f3e6025567c180f094849.exe

Files

0d01312113f384269b563141f330c83f.bin
.zip

Password: infected
b0d53fb5bcbe071cf9748f93a13a9067c52615f7257f3e6025567c180f094849.exe
.exe windows:4 windows x86

Password: infected

43064c3f26ad08fbdd86b66cff92ab66

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

winmm

PlaySoundA

kernel32

FreeLibrary
GetProcAddress
GetSystemDirectoryA
LoadLibraryA
MoveFileA
SetFilePointer
WritePrivateProfileStringA
GetShortPathNameA
MoveFileExA
GetDiskFreeSpaceA
lstrcpynA
WideCharToMultiByte
CreateEventA
SetErrorMode
GetModuleFileNameA
GetWindowsDirectoryA
TlsSetValue
SetUnhandledExceptionFilter
DeleteCriticalSection
TlsFree
InterlockedDecrement
TlsGetValue
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
IsBadReadPtr
GetCurrentThread
ReadProcessMemory
IsBadWritePtr
SetEndOfFile
InitializeCriticalSection
TlsAlloc
VirtualUnlock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetVersionExA
GetCurrentProcess
GetModuleHandleA
HeapFree
GetCurrentThreadId
TerminateProcess
GetExitCodeProcess
GetVersion
OutputDebugStringA
HeapAlloc
GetSystemInfo
SetEvent
SetThreadPriority
CreateThread
GetTickCount
Sleep
GetVolumeInformationA
GetFileAttributesA
SetCurrentDirectoryA
lstrcmpA
DeleteFileA
GetEnvironmentVariableA
SetLastError
lstrlenA
lstrcpyA
lstrcatA
ExitProcess
GetLastError
FormatMessageA
GetLocalTime
MultiByteToWideChar
WaitForSingleObject
CreateProcessA
SetVolumeLabelA
GetDriveTypeA
WriteFile
GetFileSize
ReadFile
VirtualLock
CloseHandle
RaiseException
FlushFileBuffers
CreateFileA
FindNextFileA
lstrcmpiA
FindFirstFileA
CreateDirectoryA
FindClose
RemoveDirectoryA
VirtualAlloc
GetCurrentDirectoryA
GetProcessHeap
GetFullPathNameA
VirtualFree
GetStringTypeA
GetOEMCP
GetCPInfo
SetStdHandle
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
HeapSize
HeapReAlloc
GetCommandLineA
GetStartupInfoA
ExitThread
ResumeThread
RtlUnwind
GetStringTypeW
IsBadCodePtr
GetACP

user32

ReleaseCapture
SetWindowLongA
GetDlgItemTextA
GetDlgItem
SetFocus
MessageBeep
CallWindowProcA
InvalidateRect
PeekMessageA
TranslateMessage
DispatchMessageA
ShowCursor
DestroyWindow
EnableWindow
SetCursor
GetParent
ExitWindowsEx
GetDC
ReleaseDC
GetWindowRect
SetWindowPos
LoadStringA
KillTimer
WaitForInputIdle
SetTimer
EndDialog
SetDlgItemTextA
DialogBoxParamA
wvsprintfA
MessageBoxA
wsprintfA
SetActiveWindow
LoadCursorA
SetCapture
EndPaint
GetWindowTextA
BeginPaint
ShowWindow
RegisterWindowMessageA
CreateWindowExA
GetWindowLongA
GetDesktopWindow
DestroyCursor
GetForegroundWindow
CreateCursor
RegisterClassA
IsWindow
IsWindowVisible
SetClassLongA
MoveWindow
WaitMessage
FindWindowA
GetLastActivePopup
GetTopWindow
SetForegroundWindow
DefWindowProcA
GetActiveWindow
PostQuitMessage
LoadIconA
LoadImageA
RegisterClassExA
GetSystemMetrics
AdjustWindowRect
PostMessageA
SetWindowTextA
SendMessageA

gdi32

BitBlt
SetPaletteEntries
DeleteObject
SetDIBColorTable
RealizePalette
SelectPalette
CreatePalette
CreateCompatibleDC
CreateDIBSection
SelectObject
GetStockObject
GetDeviceCaps
GetSystemPaletteEntries
DeleteDC

comdlg32

GetSaveFileNameA

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegEnumValueA
RegEnumKeyA
RegQueryInfoKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetUserNameA

shell32

SHGetSpecialFolderLocation
SHGetFileInfoA
SHGetMalloc
ShellExecuteA
FindExecutableA
SHGetDesktopFolder

ole32

CoInitialize
CoCreateInstance

Sections

.text
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

43064c3f26ad08fbdd86b66cff92ab66

Headers

File Characteristics

Imports

version

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 224KB - Virtual size: 221KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 57KB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: 224KB - Virtual size: 221KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 57KB

.rsrc
Size: 24KB - Virtual size: 20KB