0dbaff61a0d7eb35c23542fe980c8e30[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

0dbaff61a0d7eb35c23542fe980c8e30.bin
Size

1.6MB
MD5

1a556ee80fcf6d537f624ae11a9190a0
SHA1

2369322c271fb9f23127f6b75c363523f9fd19fd
SHA256

06faa5e61d3a3fc1e22b02ef6e2045e8f95e209190a98810b486f49bcf1bd1ad
SHA512

86ec93c911e03527599dbe31fbb6b8dc8503ee5cae3ec0e9b537aa647e0390574718426520472d173e35aca1c647e190ee4428273a2b67e14969db35acfc6ab4
SSDEEP

24576:XH+OK+UCMckBz9Oz8CaV3pua1FUrF/Vt4+YQfdppsF+9l5D33:4+UV5GatnMrK/QWUN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/0771ddc1515150cf7bb2eaed7ce17db58bf1f3f963ec60b28e29266763c92594.exe

Files

0dbaff61a0d7eb35c23542fe980c8e30.bin
.zip

Password: infected
0771ddc1515150cf7bb2eaed7ce17db58bf1f3f963ec60b28e29266763c92594.exe
.exe windows:6 windows x64

Password: infected

67369187d395d43495f72ffdf9b69f9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtCreateFile
RtlCaptureContext
RtlNtStatusToDosError
RtlLookupFunctionEntry
NtReadFile
RtlVirtualUnwind
NtWriteFile
NtDeviceIoControlFile
NtCancelIoFileEx

kernel32

GetCurrentProcessId
SetHandleInformation
TryAcquireSRWLockExclusive
GetCurrentProcess
DuplicateHandle
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
GetConsoleWindow
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
GetFileInformationByHandle
GetConsoleMode
ReleaseSRWLockShared
AcquireSRWLockShared
TerminateProcess
OpenProcess
Process32NextW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
Process32FirstW
CreateToolhelp32Snapshot
FlushFileBuffers
SetFileInformationByHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
AcquireSRWLockExclusive
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
ReleaseSRWLockExclusive
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
GetFullPathNameW
CloseHandle
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
UnhandledExceptionFilter
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ReadConsoleW
CreateThread
GetSystemTimeAsFileTime
GetTempPathW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
CompareStringOrdinal

user32

GetForegroundWindow
GetWindowLongPtrW
FindWindowA
ShowWindow
SetForegroundWindow
SetWindowLongPtrW
GetSystemMenu
RemoveMenu

advapi32

SystemFunction036
GetUserNameW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

ws2_32

getpeername
getsockname
send
WSASend
WSASocketW
setsockopt
WSAIoctl
closesocket
WSAStartup
connect
ioctlsocket
getsockopt
shutdown
WSAGetLastError
freeaddrinfo
recv
getaddrinfo
WSACleanup
bind

secur32

FreeCredentialsHandle
EncryptMessage
InitializeSecurityContextW
AcceptSecurityContext
FreeContextBuffer
DecryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleA

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateStore
CertFreeCertificateChain

bcrypt

BCryptGenRandom

vcruntime140

__C_specific_handler
__current_exception
__CxxFrameHandler3
memcmp
memcpy
_CxxThrowException
memset
memmove
__current_exception_context

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-runtime-l1-1-0

terminate
_set_app_type
_seh_filter_exe
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
__p___argv
exit
_exit
_crt_atexit
__p___argc
_initialize_onexit_table

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

67369187d395d43495f72ffdf9b69f9b

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

ws2_32

secur32

crypt32

bcrypt

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 15KB - Virtual size: 17KB

.pdata Size: 138KB - Virtual size: 137KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 15KB - Virtual size: 17KB

.pdata
Size: 138KB - Virtual size: 137KB

.reloc
Size: 21KB - Virtual size: 21KB