473e9e1459a6b7059e839eb68a4c9023[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

473e9e1459a6b7059e839eb68a4c9023.bin
Size

219KB
MD5

473e9e1459a6b7059e839eb68a4c9023
SHA1

69ced0b16552d4491a5cb2bc897ff070958285ba
SHA256

31d33d39dd5eafed2f9436af8b25f8c883beb2cce02433eff0122924b08e7da9
SHA512

99273e1477df9d8f6942864ccde8ed2c4d0f14e798e2ba45e546e499db09d24c20a197c2db2c55367ecfeede67349d6c13f713aaa5d39f88c952e2f0a9370336
SSDEEP

6144:kYy6khNljC60IhXOcj0rrSiKhRIjHo1xfzrz2E+be:kYy6rLIgHrS9Wofbrz2fe

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Install.exe
unpack001/webview.dll

Files

473e9e1459a6b7059e839eb68a4c9023.bin
.zip

Password: infected
Install.exe
.exe windows:4 windows x86 arch:x86

Password: infected

7201cfdd9376eb1642f76a3371cff250

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
CreateProcessA
CopyFileA
GetSystemDirectoryA
GetCurrentDirectoryA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
CloseHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
webview.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Password: infected

e9545216525d0cfd74e46695d200ab1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveOutReset
waveOutWrite
waveOutOpen
waveOutPrepareHeader
waveOutPause
waveOutUnprepareHeader
waveOutClose

comctl32

ImageList_Add
ImageList_Create

ddraw

DirectDrawCreateEx

ws2_32

recv
closesocket
send
connect
gethostbyname
socket
htons
inet_addr

kernel32

GetStringTypeW
GetStringTypeA
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetCPInfo
GetFileType
GetStdHandle
SetHandleCount
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
TerminateProcess
ExitProcess
GetModuleHandleA
GetProcAddress
HeapFree
HeapAlloc
RtlUnwind
GetVersion
GetCommandLineA
GetLocalTime
GetACP
GetOEMCP
LoadLibraryA
CreateEventA
GetDiskFreeSpaceExA
GetDriveTypeA
LocalAlloc
LocalFree
FindFirstFileA
FindClose
CreateDirectoryA
GetPrivateProfileIntA
CreateFileA
CreateThread
ReadFile
WritePrivateProfileStringA
SetFilePointer
WriteFile
CloseHandle
Sleep
GetPrivateProfileStringA
GetCurrentProcess
FlushInstructionCache
lstrlenA
lstrcpyA
lstrcatA
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DisableThreadLibraryCalls
SetStdHandle
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStartupInfoA

user32

ShowWindow
GetWindowRect
SetWindowPos
CreateDialogParamA
GetFocus
EndPaint
GetClientRect
BeginPaint
DestroyWindow
IsChild
SetFocus
DefWindowProcA
wsprintfA
InvalidateRect
GetSystemMetrics
EnumDisplaySettingsA
ReleaseDC
FindWindowA
FindWindowExA
LoadImageA
LoadMenuA
GetSubMenu
SetClassLongA
PostMessageA
LoadCursorA
EnableWindow
CheckMenuRadioItem
KillTimer
SetTimer
EnableMenuItem
TrackPopupMenuEx
GetCursorPos
TrackPopupMenu
EndDialog
GetActiveWindow
DialogBoxParamA
FillRect
GetDC
CheckMenuItem
ClientToScreen
LoadBitmapA
GetDlgItem
InsertMenuItemA
DeleteMenu
SendMessageA
LoadStringA
MessageBoxA
CallWindowProcA
GetWindowLongA
SetWindowLongA
GetClassInfoExA
RegisterClassExA
CreateWindowExA
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
UnionRect
PtInRect
GetKeyState
GetParent
IsWindow

gdi32

GetPixel
DeleteObject
SetBkMode
SetTextColor
TextOutA
CreateMetaFileA
CreateSolidBrush
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
LPtoDP
SetPixel
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
CreatePen
CreateCompatibleDC
EndDoc
EndPage
StretchDIBits
SetStretchBltMode
StretchBlt
SelectObject
SaveDC
CreateBitmap
StartPage
StartDocA
CreatePatternBrush
GetObjectA
SetROP2
LineTo
MoveToEx
SetWindowExtEx
GetDeviceCaps
Polyline

comdlg32

PrintDlgA
GetOpenFileNameA
GetSaveFileNameA

ole32

CoCreateFreeThreadedMarshaler
CoTaskMemFree
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus
CreateDataAdviseHolder
CoTaskMemAlloc

oleaut32

VariantClear
SysStringLen
LoadRegTypeLi
SysFreeString
OleCreatePropertyFrame

atl

ord50
ord31
ord51
ord46
ord58
ord43
ord30
ord27
ord26
ord32
ord57
ord18
ord15
ord16
ord21
ord23
ord44

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

7201cfdd9376eb1642f76a3371cff250

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 2KB

Password: infected

e9545216525d0cfd74e46695d200ab1f

Headers

File Characteristics

Imports

winmm

comctl32

ddraw

ws2_32

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

atl

Exports

Exports

Sections

.text Size: 276KB - Virtual size: 275KB

.rodata Size: 12KB - Virtual size: 8KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 442KB

.rsrc Size: 248KB - Virtual size: 247KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 2KB

.text
Size: 276KB - Virtual size: 275KB

.rodata
Size: 12KB - Virtual size: 8KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 442KB

.rsrc
Size: 248KB - Virtual size: 247KB

.reloc
Size: 16KB - Virtual size: 15KB