a194ad7a3fe74fb6a1749a0d72bdaa79[.]bin

General

Target

a194ad7a3fe74fb6a1749a0d72bdaa79.bin
Size

12KB
MD5

401fafd92ab695334291bc47b432952a
SHA1

ce33cb99dabc46b9f5adf267dc2c504cd58530af
SHA256

2b3b6c85a4147f1302008df58a7ccd65549df3e0d0de5b148732a92ecaa7b9d9
SHA512

5c306c9f59eacf82fcfcf9f3b4aa863752d79038ec6e77eca251065619e6e404e3c4bed933a63657b6be2e2d0342e7b2c199cb33372577cd2e859d1f77265a58
SSDEEP

384:FqIU9n8wgOf2H5UchQBE6qr5RfIt0JP2gq:3U85PQONzlJO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/37d8436aa414c5df4340f06fdeac9bb1ba1ec2a8a48918d6d96948e9ba1d862d.dll

Files

a194ad7a3fe74fb6a1749a0d72bdaa79.bin
.zip

Password: infected
37d8436aa414c5df4340f06fdeac9bb1ba1ec2a8a48918d6d96948e9ba1d862d.dll
.dll windows:6 windows x86 arch:x86

Password: infected

2dc5e55f04275b1ccf1b46d5155429b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
EnumSystemCodePagesW
HeapAlloc

msacm32

acmFormatTagEnumA
acmFormatTagDetailsA
acmFormatTagDetailsW
acmGetVersion
XRegThunkEntry
acmStreamClose
acmFilterChooseA

urlmon

URLDownloadA
IsValidURL
CreateAsyncBindCtxEx
CreateFormatEnumerator
URLOpenPullStreamA

shell32

Shell_NotifyIcon
ExtractAssociatedIconW
Shell_NotifyIconA

winspool.drv

DeletePrintProvidorA
AddPrinterW
EnumPrintersW
AddFormA
ScheduleJob
EnumPrinterDriversA

winmm

timeGetSystemTime
waveOutBreakLoop
midiStreamStop
mmioStringToFOURCCW
PlaySound

loadperf

UnloadPerfCounterTextStringsA
UnloadPerfCounterTextStringsW
LoadPerfCounterTextStringsW
LoadPerfCounterTextStringsA

msvcrt

_adjust_fdiv
malloc
_initterm
free
memset
memcpy

Exports

Exports

ilklllefjl

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

2dc5e55f04275b1ccf1b46d5155429b4

Headers

File Characteristics

Imports

kernel32

msacm32

urlmon

shell32

winspool.drv

winmm

loadperf

msvcrt

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.bss Size: - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 12KB - Virtual size: 11KB

.bss
Size: - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B