4e2d9fd9badcd85fc1acdf93d1dc4dc6[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

4e2d9fd9badcd85fc1acdf93d1dc4dc6.bin
Size

7.9MB
MD5

b8020841ea9fd7f4e42d274434d6fec2
SHA1

d3e54f4264021d8ce4474a5e6cffcac9674c72cf
SHA256

6bcd8161374269f945f60065e96a567b32ccf016d81c3a02daf4b459bfd5b8d1
SHA512

e910d8dacef7827e05a8b4e863e824135d808a736e0a5cde7d9a505e30732bbe9642303e29280821aea4608b4d67ac4770967fa84cfabd8b5ad39d9f0b57a09c
SSDEEP

196608:kKeW3fK21bSfewgFYfcPJIN6j3rGYNfCL8eYN/VtTl:kKPS2Ef/GS6j3r+tkXTl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/75c0f192dc7210e0a9febc5bce2b38e484e4d3fd3f3ac04775cc2ca12cedd959.bin

Files

4e2d9fd9badcd85fc1acdf93d1dc4dc6.bin
.zip

Password: infected
75c0f192dc7210e0a9febc5bce2b38e484e4d3fd3f3ac04775cc2ca12cedd959.bin
.exe windows:5 windows x86

45353117c90005b66833fc08c1b39216

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

hid

HidP_GetCaps
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetManufacturerString
HidD_GetSerialNumberString
HidD_GetIndexedString
HidP_GetButtonCaps
HidP_MaxDataListLength
HidD_FreePreparsedData
HidP_GetData
HidP_GetValueCaps
HidD_GetHidGuid

kernel32

InterlockedIncrement
InterlockedDecrement
GetFullPathNameW
GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
GetWindowsDirectoryW
FormatMessageA
SystemTimeToFileTime
GetLocalTime
GetTimeZoneInformation
LocalFree
GetSystemInfo
GetModuleFileNameW
InitializeCriticalSection
ResetEvent
GetTickCount
ReadFile
SetFilePointerEx
WriteFile
SetEndOfFile
GetFileAttributesExW
CreateFileW
SetFileAttributesW
GetFileAttributesW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
FindFirstFileExW
SetFilePointer
ReplaceFileW
GetTempFileNameW
LoadLibraryExW
CreateEventW
GlobalUnlock
GlobalLock
GlobalAlloc
RemoveDirectoryW
SetFileTime
GetSystemTime
GetDiskFreeSpaceExA
lstrcpynA
lstrcpyA
lstrcpynW
GetCommandLineW
ExpandEnvironmentStringsW
ResumeThread
GetThreadContext
SuspendThread
OutputDebugStringA
GetEnvironmentVariableA
GetFileAttributesA
GetModuleFileNameA
GetVersionExA
GetCurrentDirectoryA
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
GetSystemPowerStatus
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetComputerNameW
GetTempPathW
LocalAlloc
SetUnhandledExceptionFilter
OpenEventW
DebugBreak
GetCurrentDirectoryW
GetOverlappedResult
CancelIo
GetFileSize
FileTimeToDosDateTime
FileTimeToLocalFileTime
lstrlenA
GetFileTime
VirtualQuery
GlobalMemoryStatus
RaiseException
DecodePointer
EncodePointer
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
ExitProcess
GetModuleHandleA
GetCurrentThreadId
DuplicateHandle
SetConsoleCtrlHandler
ExitThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
FileTimeToSystemTime
GetDriveTypeA
FindFirstFileExA
IsProcessorFeaturePresent
GetStdHandle
GetLocaleInfoW
UnhandledExceptionFilter
TerminateProcess
HeapCreate
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InterlockedExchange
FlushFileBuffers
SetStdHandle
GetStringTypeW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
WriteConsoleW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
GetProcessHeap
GetProcessAffinityMask
InterlockedExchangeAdd
VirtualProtect
VirtualAlloc
VirtualFree
FlushConsoleInputBuffer
SwitchToThread
SetThreadAffinityMask
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedFlushSList
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
GetSystemDirectoryA
SetConsoleMode
ReadConsoleInputA
GetDateFormatA
GetTimeFormatA
CreateMutexW
FlushInstructionCache
CreateSemaphoreW
SignalObjectAndWait
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetVersion
SleepEx
GetQueuedCompletionStatus
CreateIoCompletionPort
SetHandleInformation
FormatMessageW
GetSystemTimeAsFileTime
HeapQueryInformation
InitializeCriticalSectionAndSpinCount
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetThreadPriority
CreateThread
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapSize
CreateMutexA
ReleaseMutex
InterlockedCompareExchange
GetModuleHandleW
SetDllDirectoryW
CreateDirectoryW
WaitForSingleObject
WideCharToMultiByte
LoadLibraryA
SetEvent
IsDebuggerPresent
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
DeleteFileW
CopyFileW
GetStartupInfoA
LoadLibraryW
GetProcAddress
FreeLibrary
CreateEventA
CloseHandle
Sleep
SetLastError
GetLastError
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
SetErrorMode

user32

SystemParametersInfoW
GetAsyncKeyState
ClientToScreen
RegisterRawInputDevices
GetMessageTime
MapVirtualKeyExA
GetMessagePos
GetRawInputData
GetKeyNameTextW
LoadKeyboardLayoutA
GetRawInputDeviceInfoW
GetRawInputDeviceList
wvsprintfA
GetWindowLongW
SetWindowLongW
PostQuitMessage
GetMonitorInfoA
SetFocus
GetFocus
ShowCursor
SetWindowTextW
GetDlgItem
IsDlgButtonChecked
CopyImage
SetWindowLongA
KillTimer
GetMessageA
PeekMessageA
SetWindowPos
SetCursorPos
RegisterDeviceNotificationW
GetMessageExtraInfo
PtInRect
MessageBoxA
DispatchMessageA
UnregisterDeviceNotification
ReleaseCapture
DestroyIcon
DestroyCursor
ChangeDisplaySettingsA
SetCursor
GetSystemMetrics
GetDC
ReleaseDC
CreateIconIndirect
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetCursorPos
WindowFromPoint
IsWindowVisible
GetCaretBlinkTime
EnumDisplaySettingsA
MessageBoxW
UpdateWindow
GetKeyState
LoadImageW
DialogBoxParamA
EndDialog
SetForegroundWindow
ScreenToClient
CheckDlgButton
GetAncestor
CreateDialogParamW
PeekMessageW
TranslateMessage
DispatchMessageW
SetCapture
RegisterClassExW
DialogBoxParamW
LoadIconA
SendDlgItemMessageW
SetDlgItemTextA
SetDlgItemTextW
CopyRect
OffsetRect
GetDesktopWindow
AdjustWindowRectEx
GetWindowPlacement
ClipCursor
MonitorFromWindow
GetWindowRect
IsDialogMessageW
GetProcessWindowStation
GetUserObjectInformationW
SendMessageA
UnregisterClassW
DestroyWindow
DefWindowProcW
RegisterClassW
CreateWindowExW
EnumDisplayMonitors
EnumDisplayDevicesA
GetClientRect
EnableWindow
SetTimer
ShowWindow
GetParent
ValidateRect
MsgWaitForMultipleObjects
CreateDialogParamA
GetWindowLongA
GetThreadDesktop
GetUserObjectInformationA
EnumWindows
RegisterWindowMessageA
SendMessageTimeoutA
IsIconic
LoadCursorA
wsprintfA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

ole32

PropVariantClear
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
StringFromGUID2
CoInitialize

shlwapi

PathFileExistsW
SHDeleteKeyW
PathCanonicalizeW

advapi32

RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptImportKey
CryptVerifySignatureA
CryptDestroyKey
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetUserNameA
RegOpenKeyExW
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW

gdi32

ChoosePixelFormat
SwapBuffers
GetDeviceCaps
SetPixelFormat
GetObjectA
DeleteObject
CreateBitmap
CreateDIBSection

shell32

SHFileOperationW
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW

opengl32

wglGetCurrentContext
wglCreateContext
wglMakeCurrent
wglDeleteContext
wglGetProcAddress
wglGetCurrentDC

winmm

waveInGetNumDevs
timeGetTime
timeEndPeriod
waveOutGetNumDevs
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutClose
waveOutOpen
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetDevCapsA
waveInGetDevCapsW
waveInStart
waveInOpen
waveInClose
waveInReset
waveOutPrepareHeader
timeBeginPeriod

ws2_32

WSAEnumNetworkEvents
WSAResetEvent
WSAWaitForMultipleEvents
WSACloseEvent
WSAEventSelect
WSACreateEvent
WSASetEvent
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSACleanup
ntohl
htonl
ntohs
htons
getpeername
getprotobyname
recv
gethostbyname
shutdown
listen
accept
WSARecvFrom
WSAIoctl
getnameinfo
getaddrinfo
recvfrom
sendto
send
gethostname
socket
connect
bind
inet_addr
WSAStartup
select
__WSAFDIsSet
inet_ntoa
getsockname
freeaddrinfo
WSASocketA
WSASetLastError
WSAGetLastError
setsockopt
ioctlsocket
getsockopt
closesocket

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantChangeType
VariantInit

imm32

ImmReleaseContext
ImmSetOpenStatus
ImmGetConversionStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmGetContext
ImmSetCompositionStringW

dnsapi

DnsQuery_A
DnsFree

iphlpapi

GetIpAddrTable

winhttp

WinHttpGetIEProxyConfigForCurrentUser

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 14.2MB - Virtual size: 14.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 257KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 583KB - Virtual size: 582KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

45353117c90005b66833fc08c1b39216

Headers

DLL Characteristics

File Characteristics

Imports

hid

kernel32

user32

version

ole32

shlwapi

advapi32

gdi32

shell32

opengl32

winmm

ws2_32

oleaut32

imm32

dnsapi

iphlpapi

winhttp

Exports

Exports

Sections

.text Size: 14.2MB - Virtual size: 14.2MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 257KB - Virtual size: 1.0MB

.rodata Size: 3KB - Virtual size: 2KB

.trace Size: 7KB - Virtual size: 6KB

.data1 Size: 512B - Virtual size: 64B

_RDATA Size: 1KB - Virtual size: 1KB

.rsrc Size: 554KB - Virtual size: 553KB

.reloc Size: 583KB - Virtual size: 582KB

.text
Size: 14.2MB - Virtual size: 14.2MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 257KB - Virtual size: 1.0MB

.rodata
Size: 3KB - Virtual size: 2KB

.trace
Size: 7KB - Virtual size: 6KB

.data1
Size: 512B - Virtual size: 64B

_RDATA
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 554KB - Virtual size: 553KB

.reloc
Size: 583KB - Virtual size: 582KB