e627d8f42e56c6be761e1d9f3d9dd7299082f80f1db449353228eb45879e8e2d[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

e627d8f42e56c6be761e1d9f3d9dd7299082f80f1db449353228eb45879e8e2d.bin
Size

3.7MB
MD5

7f05c06a72e842d18f5fa5a5e81a044f
SHA1

dd4bc97454d4ab95001d54147ad9468eb920db90
SHA256

e627d8f42e56c6be761e1d9f3d9dd7299082f80f1db449353228eb45879e8e2d
SHA512

caa3b848836ee4b4cd2d6fe2f86f6a4c26ce183f8807bfbf20f6116ebc73a9f4febe50e74d40968746e4cf2261b4fd806e3e93a703716ed9c9a879f551ae78ff
SSDEEP

49152:khWYiqN/jzwSUL9kqxJGjRTZyKCuDHwb0X3nJhp:khWYi8jzpqxJGjDHQS5f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e627d8f42e56c6be761e1d9f3d9dd7299082f80f1db449353228eb45879e8e2d.bin

Files

e627d8f42e56c6be761e1d9f3d9dd7299082f80f1db449353228eb45879e8e2d.bin
.exe windows:6 windows x86 arch:x86

79927564713b43e22044f6685490798a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\workspace\MetaTrader5\Build\Installers\Distributive Core\Release32\core.pdb

Imports

ws2_32

select
WSAGetLastError
WSAConnect
setsockopt
ioctlsocket
shutdown
WSARecv
WSASend
htons
WSAStartup
WSACleanup
GetAddrInfoW
FreeAddrInfoW
WSASocketW
closesocket
send
recv

crypt32

CertGetNameStringW

kernel32

SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InitializeCriticalSectionEx
GetCurrentProcessId
Thread32Next
ReadProcessMemory
ResumeThread
GetThreadContext
SuspendThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
GetCurrentThread
Module32NextW
Module32FirstW
GetProcessHandleCount
GetLocalTime
K32GetProcessMemoryInfo
GetEnvironmentVariableW
LocalFree
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
DecodePointer
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
OpenProcess
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
CompareStringW
lstrlenW
VerifyVersionInfoW
VerSetConditionMask
GlobalFree
LockResource
IsValidCodePage
FreeResource
EnumResourceNamesW
RaiseException
CopyFileW
GetUserDefaultUILanguage
RemoveDirectoryW
GetTempPathW
ExpandEnvironmentStringsW
TerminateThread
Process32FirstW
K32GetProcessImageFileNameW
Process32NextW
MoveFileExW
GlobalMemoryStatusEx
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FileTimeToDosDateTime
IsProcessorFeaturePresent
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetFileType
CreateProcessW
lstrcmpiW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FindNextFileW
FindClose
FindFirstFileW
FileTimeToSystemTime
DosDateTimeToFileTime
GetModuleHandleW
GetCurrentProcess
GetNativeSystemInfo
DeviceIoControl
GetModuleFileNameW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateFileW
GetFileSizeEx
SetFilePointer
GetLastError
ReadFile
VirtualAlloc
GetStdHandle
LCMapStringW
GetCPInfo
GetStringTypeW
GetACP
GetOEMCP
SetFilePointerEx
GetConsoleMode
ReadConsoleW
FlushFileBuffers
LoadLibraryW
VirtualFree
IsBadReadPtr
VirtualQuery
GetProcAddress
FreeLibrary
SetStdHandle
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
GetConsoleOutputCP
GetSystemDirectoryW
GetVolumeInformationW
GetVersionExW
GetSystemTimeAsFileTime
GetFileAttributesExW
GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
WriteFile
SetEndOfFile
SystemTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
WideCharToMultiByte
GetTickCount
GetCurrentThreadId
SetThreadStackGuarantee
DeleteFileW
MultiByteToWideChar
Sleep
LeaveCriticalSection
GetExitCodeThread
EnterCriticalSection
FlushInstructionCache
GetSystemInfo
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetDiskFreeSpaceExW
IsDebuggerPresent

user32

SetForegroundWindow
BringWindowToTop
DialogBoxParamW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
EnableWindow
LoadIconW
LoadBitmapW
MessageBeep
MessageBoxW
ShowWindow
GetWindowRect
EndDialog
PostQuitMessage
LoadStringW
PostMessageW
IsWindowVisible
LoadImageW
SetTimer
KillTimer
SystemParametersInfoW
IsWindowEnabled
DrawFocusRect
SetCursor
TrackMouseEvent
GetCapture
GetCursorPos
UpdateWindow
OffsetRect
DrawTextW
PtInRect
GetDlgCtrlID
GetTopWindow
GetWindowThreadProcessId
SetClassLongW
GetActiveWindow
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
SendMessageW
IsWindow
GetClassNameW
GetSysColor
SetWindowPos
RedrawWindow
GetClassInfoExW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
GetClientRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
LoadCursorW
RegisterClassExW
UnregisterClassW
DefWindowProcW
CharLowerW
CharNextW
PostMessageA
GetSystemMetrics
SetRectEmpty

gdi32

CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateFontIndirectW
BitBlt
GetStockObject
GetObjectW
GetDeviceCaps
DeleteDC
ExtTextOutW
SetBkColor
SetTextColor
SetBkMode
GetTextExtentPoint32W
GdiGradientFill
GetTextExtentPointW
TextOutW
RestoreDC
SaveDC
CreateFontW
EnumFontFamiliesExW
CreateDIBitmap
DeleteObject
GetDIBits

advapi32

AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyExW
RegEnumKeyW
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
OpenServiceW
QueryServiceStatus
ControlService
QueryServiceConfigW
RegQueryValueW
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
EqualSid
GetAce
GetAclInformation
GetSecurityDescriptorDacl
GetFileSecurityW
GetTokenInformation
OpenProcessToken
RegCreateKeyExW

shell32

SHGetFolderPathW
ShellExecuteExW
SHChangeNotify
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleUninitialize
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoUninitialize
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringLen
VariantClear
LoadTypeLi
VariantInit
SysAllocStringLen
LoadRegTypeLi
VarUI4FromStr

shlwapi

PathFindExtensionW
PathCanonicalizeW

comctl32

DestroyPropertySheetPage
PropertySheetW
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Create
ImageList_SetBkColor
ImageList_AddMasked
ImageList_Draw
ImageList_Destroy
InitCommonControlsEx
CreatePropertySheetPageW

iphlpapi

GetAdaptersAddresses

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

bcrypt

BCryptGenRandom

dbghelp

SymFunctionTableAccess64
SymGetModuleBase64
StackWalk64
SymLoadModule64
SymGetOptions
SymInitialize
SymSetOptions
MiniDumpWriteDump

gdiplus

GdipAlloc
GdipDisposeImage
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipCloneImage
GdipCreateHBITMAPFromBitmap

wintrust

WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

Sections

.text
Size: 956KB - Virtual size: 955KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 60.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79927564713b43e22044f6685490798a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

iphlpapi

version

bcrypt

dbghelp

gdiplus

wintrust

Sections

.text Size: 956KB - Virtual size: 955KB

.rdata Size: 184KB - Virtual size: 183KB

.data Size: 88KB - Virtual size: 60.9MB

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 956KB - Virtual size: 955KB

.rdata
Size: 184KB - Virtual size: 183KB

.data
Size: 88KB - Virtual size: 60.9MB

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 30KB - Virtual size: 30KB