Static task
static1
Behavioral task
behavioral1
Sample
a2d414d145cd2406736ca1cd467802ce.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
a2d414d145cd2406736ca1cd467802ce.exe
Resource
win10v2004-20231023-en
General
-
Target
a2d414d145cd2406736ca1cd467802ce.bin
-
Size
2.8MB
-
MD5
a2d414d145cd2406736ca1cd467802ce
-
SHA1
da405c73ebc148faf8cec9939dccb2cb25bbb432
-
SHA256
86084e365f9847f931aa28a12c4615566af94ac21157383d23379ae4c5b82a73
-
SHA512
b4fdc4d75cf67ee8b7e9efbbabfc7048bafee0073f61d3ca5239d17827a7746b91ee73bd056851f3f203eaf6ca9f0349875efb7d0b0c946cec84fb47bad72ce2
-
SSDEEP
49152:c36Gtlq9IU6i91ay/yqoGwCTBQTl+Hw5xCyXpGcrrdBUc1C7NPj9jTIXiOc6:C5+LayKqoGwCl1H9LcBUyC7F9
Malware Config
Signatures
-
Unsigned PE (1 IoC)
The PE image carries no Authenticode signature. On its own this is a weak indicator — many legitimate binaries are also unsigned — so it should be weighed together with the imports and behavioral results rather than treated as evidence of malice by itself.
resource a2d414d145cd2406736ca1cd467802ce.bin
Files
-
a2d414d145cd2406736ca1cd467802ce.bin.exe windows:6 windows x64
56a31e2219e5f63d291db3d45e82a322
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
Note: an import table shows capability, not observed behavior. This one includes remote-process memory APIs (VirtualAllocEx, WriteProcessMemory, VirtualProtectEx, ReadProcessMemory, OpenProcess), process and module enumeration (CreateToolhelp32Snapshot, Process32FirstW/NextW, Module32FirstW/NextW), a global hook (SetWindowsHookExW), a file downloader (URLDownloadToFileW), symbol resolution via dbghelp (SymFromName), and an IsDebuggerPresent check — all consistent with code that can inspect and write into other processes. Whether any of this runs should be confirmed against the behavioral task output, which is not shown in this section.
kernel32
FindNextFileW
FindClose
GetTickCount64
GetModuleHandleW
GetTickCount
FreeConsole
CreateThread
FormatMessageA
GetLocaleInfoEx
FindFirstFileW
AreFileApisANSI
GetFileInformationByHandleEx
VirtualAllocEx
MultiByteToWideChar
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
VirtualFreeEx
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetProcAddress
VirtualProtectEx
WriteProcessMemory
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
K32GetModuleInformation
Process32FirstW
LoadLibraryA
Process32NextW
GetFileAttributesA
K32GetModuleFileNameExA
GetModuleHandleA
LoadLibraryExA
GetCurrentProcess
VirtualProtect
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
GetSystemTime
SystemTimeToFileTime
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
GetModuleHandleExW
FormatMessageW
WriteFile
ConvertFiberToThread
ConvertThreadToFiber
Module32NextW
ReadProcessMemory
Module32FirstW
CreateToolhelp32Snapshot
GetProcessId
GetConsoleWindow
Sleep
SetConsoleTitleA
GetCurrentProcessId
CloseHandle
DeleteFileW
GetFileAttributesExW
GetLastError
OpenProcess
CreateFileW
lstrlenA
VirtualAlloc
LocalFree
VirtualFree
SetUnhandledExceptionFilter
CreateDirectoryW
user32
GetWindowTextW
SetForegroundWindow
SetWindowsHookExW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetClassNameW
SendMessageA
EnumWindows
UnhookWindowsHookEx
GetForegroundWindow
IsWindowVisible
GetWindowThreadProcessId
GetCursorPos
FindWindowA
CreatePopupMenu
PostQuitMessage
AppendMenuW
LoadCursorW
MessageBoxA
GetMessageW
DefWindowProcW
GetWindowRect
LoadIconW
RegisterClassExW
TrackPopupMenu
DispatchMessageW
CreateWindowExA
TranslateMessage
ShowWindow
gdi32
GetStockObject
shell32
SHGetKnownFolderPath
Shell_NotifyIconW
ole32
StringFromGUID2
oleaut32
VariantClear
SysAllocString
SysFreeString
msvcp140
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
_Xtime_get_ticks
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1_Lockit@std@@QEAA@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uncaught_exceptions@std@@YAHXZ
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?bad@ios_base@std@@QEBA_NXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?fail@ios_base@std@@QEBA_NXZ
dbghelp
SymUnloadModule64
SymInitializeW
SymLoadModuleExW
SymSetOptions
SymFromName
SymCleanup
urlmon
URLDownloadToFileW
ws2_32
ntohl
recvfrom
getnameinfo
sendto
shutdown
WSAGetLastError
inet_pton
__WSAFDIsSet
select
WSASetLastError
gethostname
bind
ioctlsocket
listen
connect
getpeername
getsockname
getsockopt
getaddrinfo
htons
freeaddrinfo
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
accept
closesocket
recv
send
socket
htonl
wldap32
ord46
ord211
ord22
ord301
ord200
ord143
ord60
ord30
ord79
ord50
ord35
ord33
ord32
ord26
ord27
ord41
ord45
crypt32
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertCloseStore
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception
__current_exception_context
__C_specific_handler
_CxxThrowException
memset
memcpy
strrchr
memmove
memcmp
memchr
__std_exception_destroy
__std_exception_copy
__std_terminate
wcsstr
strstr
strchr
api-ms-win-crt-heap-l1-1-0
realloc
_set_new_mode
calloc
_callnewh
malloc
free
api-ms-win-crt-stdio-l1-1-0
fputc
__acrt_iob_func
fflush
fclose
fgetc
__stdio_common_vfprintf
fwrite
fgetpos
setvbuf
_open
ungetc
fsetpos
fread
_fseeki64
_get_stream_buffer_pointers
_close
_write
fopen
_read
_set_fmode
__p__commode
fputs
__stdio_common_vsscanf
fseek
__stdio_common_vsprintf
ftell
fgets
__stdio_common_vswprintf
_lseeki64
_wfopen
feof
setbuf
clearerr
_setmode
_fileno
ferror
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
exit
_initialize_narrow_environment
_errno
raise
strerror_s
_register_onexit_function
_configure_narrow_argv
signal
_beginthreadex
__sys_nerr
strerror
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
system
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_invalid_parameter_noinfo_noreturn
terminate
api-ms-win-crt-convert-l1-1-0
strtoull
strtoll
strtod
atoi
strtoul
mbstowcs_s
_itoa_s
strtol
wcstombs
wcstombs_s
api-ms-win-crt-filesystem-l1-1-0
_mkdir
_access
_fstat64i32
_stat64
_lock_file
_stat64i32
_unlock_file
_fstat64
api-ms-win-crt-string-l1-1-0
_strnicmp
isupper
strspn
strcspn
_stricmp
strcmp
tolower
_strdup
strpbrk
isspace
strncpy
_wcsicmp
strncmp
api-ms-win-crt-utility-l1-1-0
qsort
rand
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
localeconv
___lc_codepage_func
api-ms-win-crt-time-l1-1-0
_gmtime64_s
_gmtime64
_localtime64
_time64
api-ms-win-crt-math-l1-1-0
__setusermatherr
_dclass
api-ms-win-crt-environment-l1-1-0
getenv
bcrypt
BCryptGenRandom
advapi32
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 674KB - Virtual size: 673KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ