167545d30ed35a8f29cec0a0ca1cfadf[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

167545d30ed35a8f29cec0a0ca1cfadf.bin
Size

1.3MB
MD5

03c58b8969a49d9f23ad0f629e5a6ed5
SHA1

92f7387b2ea35c7ff3eebc0d68d15b94591201fc
SHA256

caf958b94d1dfea5621a8f1b5bea07788379576d77412beb7ab40caf085298be
SHA512

6c1a55885a414d111b23715e5309823c040e56af6eebb777d5a8159d3877ab814d2107dfb83ce3e14589e27573ca782a60de04b3bb9576a83bd212e00bcf6fad
SSDEEP

24576:Ro8XYUQqpxHsdNZAlMd/UpzPUCuNrheCCZGxZoWF/tCUgkBGLSgPmxFLAQJF:Ro8XYUQOsElMd/UpzUlhEZGTLVCjkBGA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/62f3ab01f7fa27a82b402520204ce76091725364d42a58a6b9fcd8b123dee313.exe

Files

167545d30ed35a8f29cec0a0ca1cfadf.bin
.zip

Password: infected
62f3ab01f7fa27a82b402520204ce76091725364d42a58a6b9fcd8b123dee313.exe
.exe windows:6 windows x64 arch:x64

Password: infected

43b39c9b04924c8349e2841f885cfb0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

SetWindowPos
DestroyWindow
LoadCursorA
GetMenu
GetWindowRect
DispatchMessageA
CheckMenuRadioItem
GetMessageA
GetSystemMenu
CheckRadioButton
SetActiveWindow
CreateDialogParamW
EnableWindow
GetCursorPos
ChildWindowFromPoint
DefDlgProcA
InvalidateRect
InsertMenuItemA
FindWindowA
SetDlgItemInt
EnableMenuItem
GetSysColorBrush
PostQuitMessage
CheckDlgButton
KillTimer
UnregisterClassA
GetDlgItem
GetClientRect
CheckMenuItem
RemoveMenu
AppendMenuA
CharUpperA
LoadIconA
CreateDialogParamA
SetCursor
SetClipboardData
SendMessageA
SetDlgItemTextA
GetClassInfoA
TranslateMessage
SendDlgItemMessageA
GetClipboardData
CharLowerBuffA
SetFocus
DestroyMenu
RegisterClassA
IsDlgButtonChecked
EnumClipboardFormats
MoveWindow
GetSysColor
MessageBoxA
SetWindowTextA
wvsprintfA
SetWindowPlacement
GetWindowLongA
LoadAcceleratorsA
GetWindowTextA
EmptyClipboard
DestroyAcceleratorTable
CallWindowProcA
CloseClipboard
ClientToScreen
SetWindowLongA
IsMenu
SetMenuItemInfoA
IsDialogMessageA
DestroyIcon
RedrawWindow
SetTimer
GetDlgItemTextA
TranslateAcceleratorA
OpenClipboard
IsWindow
GetActiveWindow
GetSubMenu
wsprintfA
TrackPopupMenu
DestroyCursor
GetWindowPlacement
DialogBoxParamA
CreatePopupMenu
GetSystemMetrics
EndDialog
PostMessageA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

shell32

ExtractAssociatedIconW
Shell_NotifyIconW
ord155
SHGetPathFromIDListW
ord88
ord75
ord176
ord716
FindExecutableW

ole32

CoImpersonateClient
CoAllowSetForegroundWindow
MonikerRelativePathTo
CoGetStdMarshalEx
OleRegGetMiscStatus
OleDoAutoConvert
CoMarshalHresult
IsAccelerator

advapi32

RegOpenKeyExA
AdjustTokenPrivileges
RegCloseKey
RegSetValueA
RegDeleteKeyA
RegQueryValueExA
LookupPrivilegeValueA
GetUserNameA
OpenProcessToken
RegCreateKeyA

gdi32

GetEnhMetaFileW
StretchBlt
GetFontLanguageInfo
GetPaletteEntries
GetGraphicsMode
CreateDIBPatternBrushPt
CreateBrushIndirect
GetKerningPairsW
GetObjectA
DeleteObject
CreateFontIndirectA
SetBkMode
SetTextColor
GetStockObject
SelectObject
GetMiterLimit
AnimatePalette
GdiGetBatchLimit

comctl32

ImageList_Remove
CreateToolbarEx
ImageList_Destroy
ImageList_Create
ImageList_SetBkColor
ImageList_ReplaceIcon
InitCommonControlsEx
ord15
ord413

dxgi

CreateDXGIFactory

kernel32

RtlPcToFileHeader
RaiseException
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
LocalHandle
GlobalHandle
LocalSize
GlobalSize
ExitProcess
Sleep
WriteFile
GetNamedPipeHandleStateA
AddAtomW
SetMailslotInfo
GetMailslotInfo
MulDiv
GetTapeStatus
GetModuleHandleExW
HeapAlloc
HeapFree
CreateTapePartition
EraseTape
PrepareTape
TransmitCommChar
GetCommTimeouts
GetCommModemStatus
GetCommMask
EscapeCommFunction
ClearCommError
ClearCommBreak
SetMessageWaitingIndicator
SetHandleCount
DeleteAtom
InitAtomTable
GlobalDeleteAtom
PulseEvent
ConvertThreadToFiber
CreateFiber
CreateFiberEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
FindClose
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
MapUserPhysicalPagesScatter
HeapSize
HeapReAlloc
GetConsoleOutputCP
GetConsoleMode
CloseHandle
WriteConsoleW
GlobalFlags
SetHandleInformation
ConvertFiberToThread
GetProcessIoCounters
GetStdHandle
SetStdHandle
CreateFileW
FindFirstFileExW
FindNextChangeNotification
FlushFileBuffers
GetFileAttributesExW
GetFileInformationByHandle
GetFileSize
GetFileType
GetFileTime
LockFile
LockFileEx
SetEndOfFile
SetFilePointer
SetFilePointerEx
SetFileValidData
UnlockFile
UnlockFileEx
AreFileApisANSI
EncodePointer
DecodePointer
EncodeSystemPointer
DecodeSystemPointer
GetLastError
SetLastError
DisconnectNamedPipe
PeekNamedPipe
GetNamedPipeInfo
GetNamedPipeHandleStateW
GetProcessHeap
CreateIoCompletionPort
PostQueuedCompletionStatus
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
CancelWaitableTimer
GetProcessTimes
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetThreadPriorityBoost
GetThreadPriority
GetProcessVersion
SetPriorityClass
GetPriorityClass
GetProcessId
GetThreadContext
FlushInstructionCache
GetThreadTimes
OpenProcess
GetProcessHandleCount
GetProcessPriorityBoost
SetProcessPriorityBoost
GetThreadIOPendingFlag
GetVersion
GetVersionExW
GetNativeSystemInfo
SetSystemTimeAdjustment
CreateFileMappingW
FlushViewOfFile
SetProcessWorkingSetSize
GetWriteWatch
ResetWriteWatch
CreateMemoryResourceNotification
IsProcessInJob
AssignProcessToJobObject
SetInformationJobObject
IsWow64Process
DisableThreadLibraryCalls
FreeResource
GetModuleFileNameA
GetModuleFileNameW
LockResource
GlobalUnlock
GlobalCompact
GlobalUnfix
GlobalUnWire
LocalUnlock
LocalShrink
LocalCompact
GetProcessAffinityMask

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 239KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

43b39c9b04924c8349e2841f885cfb0e

Headers

DLL Characteristics

File Characteristics

Imports

user32

comdlg32

shell32

ole32

advapi32

gdi32

comctl32

dxgi

kernel32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 225KB - Virtual size: 225KB

.data Size: 239KB - Virtual size: 252KB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 80KB - Virtual size: 79KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 225KB - Virtual size: 225KB

.data
Size: 239KB - Virtual size: 252KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 80KB - Virtual size: 79KB