85fc3ec958139ab698ee0dd8b81f451d[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

85fc3ec958139ab698ee0dd8b81f451d.bin
Size

170KB
MD5

fb65bab3e7e5ea3bd7a32f351175fb8c
SHA1

3175db6246d0cb054f37b3f38465636e9f75add3
SHA256

ee803db4064c8107f803cbecfc9d5aebe0cf36203c20204dea71ec581a2eafa6
SHA512

9030c3b2e4846ecb64287e1f0d0540bb1ba3892ceef351f79c8e496aef0dcf7562f629bb6ce9524c4d9afa952d2ccced44f78c4162b044e850bdb617816bac96
SSDEEP

3072:nMPuD/3H1Qx5SUaF4TqiyZozy6iHT7ImC0yJzyO6rqxkSL8Il+A+i7lLuQ:nMPCHAMUyDozityJzyO6Z5Il+AJIQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7f2a0809944a8ada70af8dca8db7ebd2dcd62fdfa3dea33f36dff97cb5025a04.dll

Files

85fc3ec958139ab698ee0dd8b81f451d.bin
.zip

Password: infected
7f2a0809944a8ada70af8dca8db7ebd2dcd62fdfa3dea33f36dff97cb5025a04.dll
.dll windows:6 windows x86 arch:x86

Password: infected

818a40588dad333f2e2ef5d898390c82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
WriteProcessMemory
GetProcAddress
LoadLibraryW
DecodePointer
OutputDebugStringW
WriteConsoleW
CreateFileW
ReadConsoleW
ReadFile
CloseHandle
HeapReAlloc
HeapSize
GetStringTypeW
SetFilePointerEx
GetFileSizeEx
SetStdHandle
GetConsoleMode
GetCurrentThreadId
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
LocalFree
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetCurrentThread
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetConsoleCtrlHandler
FlushFileBuffers
WriteFile
GetConsoleOutputCP

oleaut32

SetErrorInfo
VariantChangeType
VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayUnlock
SafeArrayLock
CreateErrorInfo
SafeArrayCreate
SysFreeString
SysAllocString
SafeArrayDestroy
GetErrorInfo

mscoree

CLRCreateInstance

Exports

Exports

VoidFunc
_ReflectiveLoader@4

Sections

.textbss
Size: - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 755B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

818a40588dad333f2e2ef5d898390c82

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

mscoree

Exports

Exports

Sections

.textbss Size: - Virtual size: 173KB

.text Size: 397KB - Virtual size: 397KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 21KB - Virtual size: 26KB

.idata Size: 3KB - Virtual size: 3KB

.msvcjmc Size: 1024B - Virtual size: 755B

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.textbss
Size: - Virtual size: 173KB

.text
Size: 397KB - Virtual size: 397KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 21KB - Virtual size: 26KB

.idata
Size: 3KB - Virtual size: 3KB

.msvcjmc
Size: 1024B - Virtual size: 755B

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB