e857074f286f76a76a088c6ddc4be6f1[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

e857074f286f76a76a088c6ddc4be6f1.bin
Size

6.5MB
MD5

5d79f10fcc156062ca31b051ed3b8e3a
SHA1

71f12d2b0a151c83f03e744e2bdf6611c194df27
SHA256

bb9dfa3ed94bdc9d8ab2169b4ba1f15f89c71d55b3805526aab84e3c3693a1be
SHA512

619f635bf6a4f53888f48a30d7d0a15c0b59d08f66100bc6690de745c2fd3a21c80da692572ae6f08e944f4d1b106e70594d5d90ef8784668391fa0e82abd8d0
SSDEEP

196608:0o1s6UbfMgnWOlpeibVobIXoUYiPEfs35Hb:0fWOlQSVofUYiasxb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/338183f71622cd3b8ca2816a3fb8a925731810f40a6d843f82c195fb25384bbc.exe

Files

e857074f286f76a76a088c6ddc4be6f1.bin
.zip

Password: infected
338183f71622cd3b8ca2816a3fb8a925731810f40a6d843f82c195fb25384bbc.exe
.exe windows:6 windows x64

Password: infected

3b05ffb6feb50551604654284ff6bf22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

cudart64_80

cudaDriverGetVersion
cudaSetDeviceFlags
cudaSetDevice
cudaGetDeviceProperties
cudaDeviceSetCacheConfig
cudaDeviceReset
cudaGetDeviceCount
__cudaRegisterFunction
__cudaRegisterVar
__cudaUnregisterFatBinary
__cudaRegisterFatBinary
cudaMemset
cudaMemcpy
cudaLaunch
cudaSetupArgument
cudaConfigureCall
cudaMalloc
cudaGetErrorString
cudaGetLastError

kernel32

MultiByteToWideChar
ExpandEnvironmentStringsA
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
WaitForSingleObjectEx
SetWaitableTimer
WaitForSingleObject
QueryPerformanceFrequency
CloseHandle
CreateWaitableTimerA
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetThreadPriority
Sleep
GetCurrentThread
SetThreadContext
WideCharToMultiByte
TlsFree
FormatMessageA
VerifyVersionInfoA
FreeLibrary
VerSetConditionMask
RtlLookupFunctionEntry
TlsSetValue
TlsGetValue
GetModuleHandleA
TlsAlloc
ResumeThread
GetThreadPriority
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
SleepEx
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetThreadContext
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
CreateEventA
ReleaseSemaphore
GetTickCount64
ResetEvent
SetEvent
SetLastError
GetLastError
LoadLibraryA
DuplicateHandle
WaitForMultipleObjects
CreateSemaphoreA
RtlCaptureContext
GetModuleHandleW
InitializeSListHead
GetProcAddress
GetSystemDirectoryA

ws2_32

WSAGetLastError
recv
socket
send
select
WSAIoctl
ntohl
htonl
gethostname
ioctlsocket
sendto
WSAStartup
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSACleanup
__WSAFDIsSet
setsockopt
ntohs
htons
WSASetLastError
getsockopt
getsockname
getpeername
bind
connect
closesocket

advapi32

CryptDestroyKey
CryptEncrypt
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CryptImportKey

crypt32

CertFreeCertificateContext

wldap32

ord60
ord211
ord32
ord33
ord35
ord79
ord30
ord46
ord143
ord301
ord50
ord41
ord22
ord26
ord27
ord200

normaliz

IdnToAscii

winmm

timeEndPeriod
timeBeginPeriod

vcruntime140

__intrinsic_setjmp
__C_specific_handler
memcpy
memcmp
memset
longjmp
memchr
strrchr
strstr
strchr
memmove

api-ms-win-crt-math-l1-1-0

_hypotf
_dclass
__setusermatherr

api-ms-win-crt-runtime-l1-1-0

__p___argv
_getpid
exit
__sys_nerr
_endthreadex
strerror
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_errno
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
terminate
__p___argc
_beginthreadex
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

fwrite
fgetc
__p__commode
_set_fmode
_read
_write
_close
_open
fclose
fopen
__stdio_common_vsprintf
__stdio_common_vsscanf
fputs
fgets
fputc
fflush
fseek
fread
__stdio_common_vfprintf
_lseeki64
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

isspace
_stricmp
isdigit
_strnicmp
strncpy
strtok
isalpha
isxdigit
strpbrk
isalnum
isgraph
isprint
strncmp
tolower
_strdup
strcmp
islower
isupper
strncat_s

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_ftime64_s
_localtime64
_gmtime64
_ftime64
_time64

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-convert-l1-1-0

_strtoi64
strtod
atoi
atof
strtol
strtoul
strtoll

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
realloc
calloc
free

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_stat64
_fstat64

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nv_fatb
Size: 11.7MB - Virtual size: 11.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nvFatBi
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ctors
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dtors
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

3b05ffb6feb50551604654284ff6bf22

Headers

DLL Characteristics

File Characteristics

Imports

cudart64_80

kernel32

ws2_32

advapi32

crypt32

wldap32

normaliz

winmm

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Sections

.text Size: 364KB - Virtual size: 363KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 3KB - Virtual size: 16KB

.pdata Size: 19KB - Virtual size: 18KB

.nv_fatb Size: 11.7MB - Virtual size: 11.7MB

.nvFatBi Size: 512B - Virtual size: 72B

.ctors Size: 512B - Virtual size: 8B

.dtors Size: 512B - Virtual size: 8B

.gfids Size: 512B - Virtual size: 28B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 364KB - Virtual size: 363KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 3KB - Virtual size: 16KB

.pdata
Size: 19KB - Virtual size: 18KB

.nv_fatb
Size: 11.7MB - Virtual size: 11.7MB

.nvFatBi
Size: 512B - Virtual size: 72B

.ctors
Size: 512B - Virtual size: 8B

.dtors
Size: 512B - Virtual size: 8B

.gfids
Size: 512B - Virtual size: 28B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB