9853155dadf1092b2c6c93a7fcba241a[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

9853155dadf1092b2c6c93a7fcba241a.bin
Size

78KB
MD5

494811eb85ddbd958652a54837fbf181
SHA1

9c711abd4b05588e6db7cd979629438279d4ed06
SHA256

82f44e16a82300898f4bc6f5d20bd2e62e7474424395d85048a80e12ad088eb4
SHA512

648741210b5824c9f0dcfaa1b301fe631242c0ff83f027abe6ca10aa92655daf0d185ff867d93c45cec7855008cd904cc663fb2e5494d85fd1b897ac52717373
SSDEEP

1536:DAo23DShGrm2dxs3YzWCttG0t38LeAUYge5/7bnZfVBTzTzMDhYQhh:so2zSh+hhWPsCe7g5/Rt1fUF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5dce23221c5c4ce62fb33f2de5438ae15b86d796c39091cfb495ca01f8eb04c2.dll

Files

9853155dadf1092b2c6c93a7fcba241a.bin
.zip

Password: infected
5dce23221c5c4ce62fb33f2de5438ae15b86d796c39091cfb495ca01f8eb04c2.dll
.dll windows:5 windows x86

Password: infected

18fd1b1ec5b58182b9186e8627d5abfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
DeleteCriticalSection
TlsGetValue
QueryPerformanceCounter
SetEvent
TlsSetValue
TerminateThread
Sleep
GetProcAddress
ResetEvent
LoadLibraryA
CreateEventW
WaitForMultipleObjects
QueryPerformanceFrequency
GetCurrentThreadId
TlsAlloc
CloseHandle
GetModuleFileNameA
GetFullPathNameA
CreateFileW
HeapSize
GetProcessHeap
SetEndOfFile
GetStringTypeW
LCMapStringW
WriteConsoleW
LoadLibraryW
HeapReAlloc
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
CreateFileA
SetStdHandle
SetFilePointer
ReadFile
MultiByteToWideChar
GetModuleFileNameW
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
GetTimeZoneInformation
SetLastError
GetLastError
GetFileAttributesA
CreateDirectoryA
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
ExitThread
ResumeThread
CreateThread
GetFileType
SetEnvironmentVariableA
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetModuleHandleW
ExitProcess
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsFree
CompareStringW

winmm

timeGetTime

ws2_32

connect
WSAStartup
inet_addr
select
WSAGetLastError
htons
setsockopt
WSACleanup
recv
socket
__WSAFDIsSet
closesocket
gethostbyname
send
ioctlsocket

Exports

Exports

CreateQueryObject

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

18fd1b1ec5b58182b9186e8627d5abfb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

ws2_32

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 109KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 6KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 109KB - Virtual size: 109KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 6KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 8KB