a1d8fdca35d16eeb222ddd68e98a08bf[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

a1d8fdca35d16eeb222ddd68e98a08bf.bin
Size

113KB
MD5

fc855add0ddfeaed793674edbc26fa16
SHA1

2945b2f9e93c83b66b3338f21a80f2eb77779694
SHA256

4758a12f405e2f59d583ab47a3cf13ddf34007bae0cd93f89d6dd5e80af22f7e
SHA512

b2d758d3c8b18612d1ba2ae3b1ad40f6a28646c0fca0db54062231aa5e1f180b5aa03159d4fe3c807fd2b333c17559b8cab00eb631ec5250b55100c5b13cd86f
SSDEEP

3072:qBHvGm0l43qaExVKfAj3Cm+00Xhjg4/l3hAdjhXZ:q9t0lW63CmbsVjl6Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/088fd63cdce0930d784105665f0b20b809b18900cb42116159a01c7b204543fa.exe

Files

a1d8fdca35d16eeb222ddd68e98a08bf.bin
.zip

Password: infected
088fd63cdce0930d784105665f0b20b809b18900cb42116159a01c7b204543fa.exe
.exe windows:6 windows x86

d61e85f70a169a987123cc8b7001f4d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapSize
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
CloseHandle
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
GetModuleHandleW
GetStartupInfoW
SetUnhandledExceptionFilter
CreateFileW
EnumTimeFormatsW
IsValidLocale
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
WriteConsoleW

crypt32

CryptEncodeObject
CertDuplicateCertificateContext

rtutils

TracePrintfW
TracePutsExW
MprSetupProtocolEnum
TracePrintfExA
RouterLogEventDataW
TraceDeregisterExA
RouterLogEventA
TraceDeregisterA

mpr

WNetAddConnection2A
WNetOpenEnumW
WNetDisconnectDialog1W
WNetEnumResourceA
MultinetGetConnectionPerformanceW
WNetCancelConnectionA
WNetGetNetworkInformationW

odbc32

VFreeErrors
ord173
ord2
ord51
ord33
ord267
ord206

rtm

RtmDeleteRouteTable
MgmReleaseInterfaceOwnership
RtmDeleteRoute
MgmTakeInterfaceOwnership
RtmGetNextRoute
MgmGetFirstMfe
RtmGetNetworkCount
MgmInitialize

ws2_32

WSALookupServiceBeginA
connect
sendto
WSACancelBlockingCall
WEP
WSAEnumProtocolsW
WSAEnumNameSpaceProvidersW
WSAHtons
WSASetBlockingHook

mscms

SelectCMM
ord1
CreateProfileFromLogColorSpaceW
DisassociateColorProfileFromDeviceW
SetColorProfileElementReference
SetColorProfileHeader
EnumColorProfilesW
OpenColorProfileW
CheckBitmapBits
InstallColorProfileA
SetColorProfileElement

mswsock

GetAcceptExSockaddrs
rresvport
rcmd
GetTypeByNameA
GetAddressByNameW

advapi32

CryptReleaseContext
CryptAcquireContextW
CryptGenRandom

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d61e85f70a169a987123cc8b7001f4d2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

rtutils

mpr

odbc32

rtm

ws2_32

mscms

mswsock

advapi32

Sections

.text Size: 121KB - Virtual size: 121KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 11KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 121KB - Virtual size: 121KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 11KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 6KB