ca69314f346df9292818a9f56bedb3b2[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

ca69314f346df9292818a9f56bedb3b2.bin
Size

212KB
MD5

fc47c799e5548d833a30e4d1518afe60
SHA1

a5a31c179c16cc1f0b5fb0c4c903fa40bad6423f
SHA256

f78cf46857119c32a71f555de0e1c5b09c7706820432adf2b1d575640cdf2c7b
SHA512

b0f60f45812b5b4696f510e28628b5368f9137dda5f204741d9a0c0ca607aa0a5d15919e2931ee367ffead75e1c30dd14793c540ef4281a4ffee1f66b605615e
SSDEEP

6144:hqG04CJ/KZP33j5uLMboD0lbpMZCmgDkXjRGp:hS4CdE5hw0l1qT+oRI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8901e289c92449e47212b5e6e948ee1d12e9d809af9026ea39834f595bc9f238.exe

Files

ca69314f346df9292818a9f56bedb3b2.bin
.zip

Password: infected
8901e289c92449e47212b5e6e948ee1d12e9d809af9026ea39834f595bc9f238.exe
.dll regsvr32 windows:6 windows x64

Password: infected

4beb0dcae5e6724f5845d7c7d4515e9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
ReadFile
CloseHandle
GetProcessHeap
SetFileApisToOEM
GetThreadErrorMode
GetSystemDefaultUILanguage
GetErrorMode
GetCurrentThreadId
GetCommandLineA
GetCurrentProcessorNumber
GetEnvironmentStringsW
IsSystemResumeAutomatic
GetCommandLineW
GetLargePageMinimum
GetOEMCP
IsDebuggerPresent
GetUserDefaultLangID
TlsAlloc
GetLogicalDrives
FlushProcessWriteBuffers
GetACP
AreFileApisANSI
GetCurrentProcess
GetCurrentThread
SwitchToThread
GetUserDefaultUILanguage
GetLastError
VirtualAlloc
UnregisterApplicationRecoveryCallback
RaiseException
InitializeCriticalSectionEx
DecodePointer
MultiByteToWideChar
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
lstrcmpiW
FreeLibrary
FreeEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
HeapSize
GetFileType
GetStdHandle
HeapFree
HeapReAlloc
HeapAlloc
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
GetTickCount64
SetStdHandle
ReadConsoleW
CreateFileW
WriteConsoleW
DeleteCriticalSection
OutputDebugStringW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
SetLastError
EncodePointer
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

CreateMenu
GetClipboardViewer
GetKBCodePage
DestroyCaret
InSendMessage
GetMenuCheckMarkDimensions
GetOpenClipboardWindow
SetProcessDPIAware
GetClipboardSequenceNumber
GetForegroundWindow
GetProcessWindowStation
GetMessageTime
GetShellWindow
GetDialogBaseUnits
GetActiveWindow
CharNextW
AnyPopup
CountClipboardFormats
GetFocus
IsProcessDPIAware
EmptyClipboard

gdi32

GdiFlush

advapi32

RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW

shell32

InitNetworkAddressControl

ole32

CoUninitialize
OleUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoFreeUnusedLibraries

oleaut32

VarUI4FromStr

Exports

Exports

DllMain
DllRegisterServer
Test1
Test4
blrsfpfkxfblllne
cadnjwhle
ctaqklmrzmhiin
czwbyjiaq
esshrzstzjwh
exbvqrunikqbzw
gfofpxedqlzytbihl
hfoehbarwg
jmcewmidkrky
jqjwvvfewg
jvdhlhmrxzcibdv
kknauvqankuit
mxnhgpoifyq
obnodeuwqhqlc
onbfyjornp
rdvqxjctsxrhed
rvdocumc
takplslwuapoggsab
thjnnsbwwrr
tnhpvlrx
tyeodyb
wawifqnkth
xjyqapchz
xwwctvzxch
ycfuzroqltdj
yugxfwnpjvwgyatf
ywljzmikteakwu
zatidhqoqupfxmath

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4beb0dcae5e6724f5845d7c7d4515e9c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 148KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 8KB - Virtual size: 7KB

.gfids Size: 1024B - Virtual size: 716B

.tls Size: 512B - Virtual size: 9B

.gehcont Size: 512B - Virtual size: 28B

.rsrc Size: 86KB - Virtual size: 85KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 149KB - Virtual size: 148KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 8KB - Virtual size: 7KB

.gfids
Size: 1024B - Virtual size: 716B

.tls
Size: 512B - Virtual size: 9B

.gehcont
Size: 512B - Virtual size: 28B

.rsrc
Size: 86KB - Virtual size: 85KB

.reloc
Size: 3KB - Virtual size: 3KB