ejPdcnFXXZOoQTj-TW6_TrBo7oNVXK3lBetshNSl8wI[.]bin

Resubmissions

08-02-2024 21:52

240208-1q8e5ada57 10

Sharing

Copy URL

Twitter E-mail

General

Target

ejPdcnFXXZOoQTj-TW6_TrBo7oNVXK3lBetshNSl8wI.bin
Size

1.2MB
MD5

94a0d511f19ea13989a75e87cc97039d
SHA1

d3ebd6b61527cdb789fe25526313097d3bc8aa14
SHA256

7a33dd7271575d93a84138ff4d6ebe4eb068ee83555cade505eb6c84d4a5f302
SHA512

4a39b441ed9218b4c0f52952d0a4a835a5040fa7d04f8aa69af76eb3a875fc8f1d05adc6209a2a0b60d8d181c930f5948e45068bc5eaf4a5448e1858a4585591
SSDEEP

24576:ts2AGIbr4GoUOlzscb1GsMag8Smx1ZyLko0CI5ypSNfMnITj6GmwRmshM/9YOm+q:qpn4GoUkgcbRMJBpL90CI5ysNfMI5mK5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/w_ver.dll

resource
unpack001/w_ver.dll

Files

ejPdcnFXXZOoQTj-TW6_TrBo7oNVXK3lBetshNSl8wI.bin
.zip
ps1.ps1
.ps1
w_ver.dll
.dll regsvr32 windows:6 windows x64 arch:x64

bf00e0a5f077c9a1925ed08972af9ef7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
CloseHandle
CreateThread
SuspendThread
GetCurrentProcessId
GetSystemDirectoryA
WaitForSingleObject
GetFileType
SetEndOfFile
GetCurrentThread
CreateNamedPipeA
WaitNamedPipeA
VirtualAlloc
DuplicateHandle
CreateMutexA
OpenMutexA
ReleaseMutex
ExitThread
TransactNamedPipe
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
HeapAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetLastError
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsSetValue
FreeLibrary
LoadLibraryExW
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
RtlUnwindEx

Exports

Exports

Cnt918
DllRegisterServer

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 629KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

bf00e0a5f077c9a1925ed08972af9ef7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 629KB - Virtual size: 628KB

.data Size: 1.7MB - Virtual size: 1.7MB

.pdata Size: 2KB - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 629KB - Virtual size: 628KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.pdata
Size: 2KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB