ab3a0fab24cb2a88056cfac8216b0778[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

ab3a0fab24cb2a88056cfac8216b0778.bin
Size

1.7MB
MD5

6207dfb3a7264d3320f8159b9eeb29bc
SHA1

e8b0c2d16fa24bed6bfe0cd075a6a22be906398e
SHA256

4e90ee8039f51fcae8307451697ad2c9313b0324a4c651684b8ea8c3c99a6b59
SHA512

2b0b2c89095a15308bf1865f0fec65ebf9c31e394249cc20295a536a70f6f64def55d6951decc9db021d01d08e17c61374cefa453c00463c867122dfae9d1659
SSDEEP

49152:82CyfPm34JL8fjL2WCvxrxaqt4vBRuH87SyNp:89yfu3bhCfaS4vLSy/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/qeriuwjhrf

Files

ab3a0fab24cb2a88056cfac8216b0778.bin
.zip

Password: infected
30c78db1ab003562954baf5e160e63c5f6f85830da09dd0fe259caff8286780a.zip
.zip

Password: infected
qeriuwjhrf
.exe windows:5 windows x86 arch:x86

Password: infected

3d219f4681878926caf828436244e95f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
GetCurrentDirectoryW
FoldStringW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
WaitForSingleObject
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
UnmapViewOfFile
Sleep
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
GetLocalTime
OpenFileMappingW
SetThreadExecutionState
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetProcessAffinityMask
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
SetEvent
SetThreadPriority
SystemTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
SetFileTime
SetFileAttributesW
GlobalAlloc
SetCurrentDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
RaiseException
GetSystemTimeAsFileTime
GetFileAttributesW
ReadFile
GetFileType
FlushFileBuffers
SetEndOfFile
SetFilePointer
WriteFile
GetStdHandle
GetLongPathNameW
GetShortPathNameW
GetCPInfo
MoveFileW
CreateFileW
CreateDirectoryW
DeviceIoControl
RemoveDirectoryW
DeleteFileW
CreateHardLinkW
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
CreateFileA
IsDBCSLeadByte
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind

user32

EnableWindow
ShowWindow
GetDlgItem
SetWindowLongW
GetDC
ReleaseDC
FindWindowExW
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
CopyRect
IsWindow
CharUpperW
OemToCharBuffA
LoadBitmapW
IsDialogMessageW
PostMessageW
GetSysColor
SetForegroundWindow
MessageBoxW
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
DestroyIcon
SetFocus
GetClassNameW
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
wvsprintfW
SendMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW
LoadIconW

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteDC
GetObjectW
DeleteObject
CreateDIBSection

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHFileOperationW

ole32

CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

VariantInit

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

3d219f4681878926caf828436244e95f

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 5KB - Virtual size: 133KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 133KB

.rsrc
Size: 14KB - Virtual size: 14KB