Static task: static1
Behavioral task: behavioral1
  Sample: de6542fa74721a47a4a04866b604b6633544427c66930c049b76bf5d5c786146.dll
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: de6542fa74721a47a4a04866b604b6633544427c66930c049b76bf5d5c786146.dll
  Resource: win10v2004-20231215-en
General
Target: d0b4588a2c2ac678b96fe4d08df57811.bin
Size: 2.0MB
MD5: 57e29c586433521fe963d66afc86de3f
SHA1: 2a3123a037af9b6575239e87e4bcc74a64d83a78
SHA256: ee970c7c69c24bca5869f778864832f957790670183ce739bfb59153f821192a
SHA512: cade02ab6c9519c938d3c8443236334e113b65111a2b031abe58e930440b9ee28bf1ac4e4540e621b4e43d5d669379c3592962059a29d9a8830dc34ff2ab4cf1
SSDEEP: 49152:e8Kc6Tik9z+6XpjlIS9Pdu63whRLaCSQPSgUTLfTahOg+PMeOh:nUz+2MSwSE+fbNQjh
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: unpack001/de6542fa74721a47a4a04866b604b6633544427c66930c049b76bf5d5c786146.dll
Files
d0b4588a2c2ac678b96fe4d08df57811.bin.zip
  Password: infected
de6542fa74721a47a4a04866b604b6633544427c66930c049b76bf5d5c786146.dll.dll
  Tags: windows:5 windows x86 arch:x86
  Password: infected
  MD5: bc7e59ca22c2d776ec736b2e5691ca67
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE | IMAGE_FILE_DLL
Imports
mprapi
MprAdminMIBServerConnect
lz32
LZSeek
LZCopy
GetExpandedNameW
secur32
ApplyControlToken
urlmon
URLDownloadToFileW
gdi32
ScaleWindowExtEx
StartPage
GetTextExtentPoint32A
SetTextColor
CreateBitmapIndirect
SwapBuffers
GetEnhMetaFileBits
RestoreDC
LineDDA
SetBoundsRect
netapi32
NetLocalGroupEnum
oleaut32
SafeArrayCreate
BSTR_UserMarshal
GetErrorInfo
SafeArrayAccessData
GetRecordInfoFromGuids
wininet
InternetOpenW
InternetAutodialHangup
msvfw32
DrawDibOpen
avifil32
AVIStreamStart
imm32
ImmGetIMEFileNameW
ole32
OleLoadFromStream
CoRevokeInitializeSpy
CreateItemMoniker
CoReleaseServerProcess
OleLockRunning
CoFreeLibrary
GetHGlobalFromILockBytes
CoRevokeClassObject
CoCreateInstance
shlwapi
SHSetValueA
SHDeleteKeyA
StrStrIW
StrRStrIA
SHQueryValueExW
StrRStrIW
SHRegCloseUSKey
PathRenameExtensionW
HashData
crypt32
CryptFindCertificateKeyProvInfo
CryptSIPRemoveSignedDataMsg
CryptUnregisterDefaultOIDFunction
CryptSIPCreateIndirectData
CertGetPublicKeyLength
CryptImportPublicKeyInfo
clusapi
GetClusterResourceNetworkName
winspool.drv
AddJobW
GetPrinterDataExW
SetPrinterDataW
esent
JetUpdate
wintrust
CryptCATCDFEnumAttributes
CryptCATHandleFromStore
winscard
SCardListCardsW
SCardConnectA
msacm32
acmStreamPrepareHeader
kernel32
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
GetLocaleInfoW
HeapSize
GetCommandLineA
FreeEnvironmentStringsW
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapDestroy
SetStdHandle
HeapCreate
WriteFile
HeapAlloc
RtlUnwind
InitializeCriticalSectionAndSpinCount
ReadFile
IsValidLocale
EnumSystemLocalesA
VirtualProtect
PulseEvent
GetLongPathNameA
GetCalendarInfoW
SetEvent
LoadLibraryExA
TerminateProcess
InterlockedPopEntrySList
Process32FirstW
OpenMutexA
GetModuleFileNameA
GlobalSize
GetUserDefaultLangID
OutputDebugStringA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
GetCurrentThread
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FatalAppExitA
HeapFree
Sleep
ExitProcess
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
pdh
PdhSetDefaultRealTimeDataSource
powrprof
GetCurrentPowerPolicies
rpcrt4
RpcServerRegisterAuthInfoA
advapi32
OpenSCManagerA
EncryptFileW
RegOpenKeyExA
LookupAccountNameW
BuildTrusteeWithObjectsAndSidW
LookupAccountNameA
CryptDestroyKey
SetSecurityDescriptorOwner
shell32
SHLoadNonloadedIconOverlayIdentifiers
ExtractIconExA
SHGetFolderLocation
SHCreateDirectoryExW
SHPathPrepareForWriteW
ntdsapi
DsFreePasswordCredentials
DsQuoteRdnValueW
DsGetDomainControllerInfoW
user32
SetMenuItemBitmaps
BringWindowToTop
GetKeyboardLayoutNameA
IsCharAlphaW
FlashWindowEx
LoadAcceleratorsW
DlgDirSelectComboBoxExW
SetKeyboardState
GetShellWindow
LoadImageW
GetThreadDesktop
SendInput
CreateMenu
GetIconInfo
DrawTextA
CreateWindowExA
MapVirtualKeyW
GetUpdateRgn
winmm
midiStreamRestart
mmioRead
waveOutMessage
iphlpapi
NotifyRouteChange
mscms
CloseColorProfile
setupapi
CM_Get_Device_ID_ExA
CM_Get_Resource_Conflict_DetailsW
SetupDiInstallDevice
SetupDiGetClassDescriptionExW
SetupDiRegisterCoDeviceInstallers
SetupDiGetClassDescriptionW
CM_Get_Class_Name_ExW
SetupDiGetClassDescriptionExA
comdlg32
CommDlgExtendedError
Sections
.text (Size: 128KB, Virtual size: 126KB): IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata (Size: 16KB, Virtual size: 15KB): IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data (Size: 40KB, Virtual size: 47KB): IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
CODE (Size: 2.0MB, Virtual size: 2.0MB): IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc (Size: 8KB, Virtual size: 4KB): IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc (Size: 28KB, Virtual size: 25KB): IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
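Two static findings in this report are worth re-checking by hand: the "Unsigned PE" signature (an empty Security data directory) and the section table, where .data carries IMAGE_SCN_CNT_CODE together with IMAGE_SCN_CNT_UNINITIALIZED_DATA and a section named CODE holds 2.0MB of a 2.0MB file as readable/writable initialized data with no execute flag. The following is an added example, not code from the sandbox report or its tooling: a standard-library Python parser that reads the PE headers, reports whether an embedded Authenticode blob is present (presence only; it does not verify the PKCS#7 signature, the hash or the chain, and catalog-signed files also show as unsigned), and flags the section-layout anomalies. build_sample_pe() constructs a small PE32 DLL that mirrors the report's section names and flags with scaled-down sizes so the script runs offline; the 75% threshold and the finding strings are this example's own choices.

```python
"""Static PE triage: "Unsigned PE" (empty Security directory) plus section-flag
sanity checks.  Added example, not part of the sandbox report; standard library
only.  build_sample_pe() is a constructed PE32 DLL mirroring the report's sections."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data):
    """Read only the headers the checks below need (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    _, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start at +96 in PE32 (0x10b) and +112 in PE32+ (0x20b).
    dd = opt + (96 if magic == 0x10B else 112)
    sec_dir = struct.unpack_from("<II", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):  # section table follows the optional header, 40 bytes each
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _, rsize, _, _, _, _, _, chars = struct.unpack_from("<IIIIIIHHI", data, off + 8)
        sections.append({"name": name, "virtual_size": vsize, "raw_size": rsize, "chars": chars})
    return {"file_chars": file_chars, "security_dir": sec_dir, "sections": sections, "file_size": len(data)}


def has_authenticode(pe):
    """True if an embedded WIN_CERTIFICATE blob exists; presence is not validity."""
    offset, size = pe["security_dir"]  # this directory entry is a file offset, not an RVA
    return offset != 0 and size != 0


def section_findings(pe, dominant_ratio=0.75):
    """Flag section-table layouts that commonly mean packing or an embedded payload."""
    out = []
    for s in pe["sections"]:
        n, c = s["name"], s["chars"]
        exe, wr = bool(c & IMAGE_SCN_MEM_EXECUTE), bool(c & IMAGE_SCN_MEM_WRITE)
        if n in (".text", "CODE") and not exe:
            out.append(f"{n}: code-named section is not executable")
        if c & IMAGE_SCN_CNT_CODE and not exe:
            out.append(f"{n}: CNT_CODE set but MEM_EXECUTE missing")
        if c & IMAGE_SCN_CNT_CODE and c & IMAGE_SCN_CNT_UNINITIALIZED_DATA:
            out.append(f"{n}: flagged both code and uninitialized data")
        if exe and wr:
            out.append(f"{n}: writable and executable (W^X violated)")
        if not exe and s["raw_size"] >= dominant_ratio * pe["file_size"]:
            pct = 100 * s["raw_size"] // pe["file_size"]
            out.append(f"{n}: non-executable section holds {pct}% of the file")
    return out


def build_sample_pe(signed=False):
    """Constructed PE32 DLL with the report's section names and flags (sizes scaled down)."""
    R, W, X = IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_EXECUTE
    layout = [  # (name, virtual size, raw size, characteristics)
        (b".text", 0x3F00, 0x4000, IMAGE_SCN_CNT_CODE | X | R),
        (b".rdata", 0xF00, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | R),
        (b".data", 0x2F00, 0x2000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_UNINITIALIZED_DATA | R | W),
        (b"CODE", 0x40000, 0x40000, IMAGE_SCN_CNT_INITIALIZED_DATA | R | W),
        (b".rsrc", 0x800, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | R),
        (b".reloc", 0xF00, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | R),
    ]
    hdr_size, sec_align, file_align = 0x400, 0x1000, 0x200
    table, body, va, raw = b"", b"", 0x1000, hdr_size
    for name, vsize, rsize, chars in layout:
        table += name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, va, rsize, raw, 0, 0, 0, 0, chars)
        body += b"\0" * rsize
        va += -(-vsize // sec_align) * sec_align
        raw += rsize
    cert = struct.pack("<IHH", 24, 0x0200, 0x0002) + b"\0" * 16 if signed else b""  # dummy WIN_CERTIFICATE
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (raw, len(cert))  # blob appended after the last section
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, 0x4000, 0x45000, 0, 0x1000, 0x1000, 0x5000)
    opt += struct.pack("<IIIHHHHHHIIIIHH", 0x10000000, sec_align, file_align, 5, 1, 0, 0, 5, 1,
                       0, va, hdr_size, 0, 2, 0x8000)  # subsystem GUI, TERMINAL_SERVER_AWARE
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, len(dirs))
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, len(opt), 0x2102)  # EXECUTABLE|32BIT|DLL
    head = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + table
    assert len(head) <= hdr_size
    return head.ljust(hdr_size, b"\0") + body + cert


if __name__ == "__main__":
    for label, blob in (("unsigned", build_sample_pe()), ("signed", build_sample_pe(signed=True))):
        pe = parse_pe(blob)
        print(label, has_authenticode(pe), section_findings(pe))
```

To run it against a real sample, pass the file's bytes to parse_pe() instead of build_sample_pe(); a positive has_authenticode() result still needs a real verifier (signtool, osslsigncode or the like) before any trust is placed in it, and the dominant-section heuristic is a triage hint, not a packer identification.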