9e0a12e05d6ec2cbb5f4f5bfb8b26f8c[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

9e0a12e05d6ec2cbb5f4f5bfb8b26f8c.bin
Size

631KB
MD5

9e0a12e05d6ec2cbb5f4f5bfb8b26f8c
SHA1

6973332addcd885adf0e1245c6ffcde7b474f3d0
SHA256

14e637a988ef7c41d8acee983a72badbbf9172d4e8d35816d4841e2fd2f10741
SHA512

90152255858522e76f2efe14594d3f73452239cdbb46fa9ccbd766de5e355b7e34668a8eca9ae889a3ad9c2e082b9a7ad5288f61589472837e9a8db89c26a5bc
SSDEEP

12288:ZSqF/3kumxj6vRcq+3GerDJC86uDW0OUAyd5OsDQMYpgXeabCALIimvWnkJmaObN:7/3TZcJJwcW0OZyd7DxX/rIimgj9

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FN.exe
unpack001/VMProtectSDK64.dll
unpack001/injector.exe

Files

9e0a12e05d6ec2cbb5f4f5bfb8b26f8c.bin
.zip

Password: infected
FN.exe
.exe windows:6 windows x64 arch:x64

Password: infected

64ca8e2ee482262cfc5ea4260d6535f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

kernel32

VirtualProtect
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW
QueryFullProcessImageNameW
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
OpenProcess
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
InitializeSListHead
GetThreadContext
GetCurrentThread
CreateThread
GetCurrentProcess
Sleep
OutputDebugStringW
SetLastError
GetLastError
Beep
CheckRemoteDebuggerPresent
OutputDebugStringA
DebugBreak
IsDebuggerPresent
WriteFile
ReadFile
GetFileSize
FindNextFileA
FindFirstFileA
FindClose
GetStdHandle
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalFree
GlobalLock
WideCharToMultiByte
MultiByteToWideChar
GlobalAddAtomA
LoadLibraryW
LoadLibraryA
GetModuleFileNameA
FreeLibrary
WriteProcessMemory
GlobalUnlock
GlobalAlloc
CreateFileA
GetTempPathW
GetProcAddress
GetModuleHandleA
VirtualFree
VirtualAlloc
GetCurrentThreadId
SetConsoleTextAttribute
VirtualProtectEx
IsProcessorFeaturePresent
VirtualQuery
GetCurrentProcessId
DeviceIoControl
CloseHandle
CreateFileW
GetTickCount

user32

SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
LoadCursorA
TranslateMessage
DispatchMessageA
PeekMessageA
DefWindowProcA
PostQuitMessage
RegisterClassA
UnregisterClassA
CreateWindowExA
DestroyWindow
ShowWindow
MoveWindow
SetWindowPos
SetWindowDisplayAffinity
SetCursorPos
mouse_event
GetSystemMetrics
UpdateWindow
GetCapture
GetKeyState
GetActiveWindow
GetClientRect
GetForegroundWindow
GetWindowRect
MessageBoxA
GetWindowLongA
SetWindowLongA
FindWindowA
GetWindow
OpenClipboard
ReleaseCapture
EmptyClipboard
GetClipboardData
CloseClipboard
SetClipboardData
GetAsyncKeyState
SetCapture

gdi32

GetStockObject

advapi32

InitializeAcl
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
IsValidSid
SetSecurityInfo
CopySid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
RegCreateKeyW
RegOpenKeyW
RegSetKeyValueW
RegDeleteTreeW
RegCloseKey
OpenProcessToken
AddAccessAllowedAce
GetLengthSid
GetTokenInformation

shell32

ShellExecuteA

vmprotectsdk64

VMProtectEnd
VMProtectIsDebuggerPresent
VMProtectBeginUltra

msvcp140

?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Thrd_sleep
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?setf@ios_base@std@@QEAAHHH@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??7ios_base@std@@QEBA_NXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

ntdll

NtQuerySystemInformation
RtlInitUnicodeString
VerSetConditionMask

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

d3d9

Direct3DCreate9Ex

normaliz

IdnToAscii

wldap32

ord46
ord217
ord143
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord301
ord200
ord30
ord79

crypt32

PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CryptStringToBinaryA
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CryptQueryObject
CertGetNameStringA

ws2_32

getaddrinfo
freeaddrinfo
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
recvfrom
sendto
gethostname
ntohl
select

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140

memset
__std_terminate
memcmp
strstr
memchr
memmove
strchr
strrchr
__current_exception
__current_exception_context
__std_exception_copy
__std_exception_destroy
memcpy
__C_specific_handler
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_cexit
_get_initial_narrow_environment
_initterm_e
_exit
strerror
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
terminate
_configure_narrow_argv
exit
system
__sys_nerr
_errno
_getpid
_invalid_parameter_noinfo
_resetstkoflw
_invalid_parameter_noinfo_noreturn
_beginthreadex
_seh_filter_exe
_initterm

api-ms-win-crt-string-l1-1-0

strncpy
_stricmp
strcmp
isprint
tolower
strlen
strncmp
strcspn
strpbrk
isupper
_strdup
strspn

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
malloc
_callnewh
free
calloc

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_stat64
_access
_unlink
_fstat64
_wremove
_unlock_file

api-ms-win-crt-stdio-l1-1-0

fsetpos
__stdio_common_vsprintf_s
fread
fputc
_fseeki64
_pclose
_open
_close
fwrite
setvbuf
ungetc
_popen
_read
fgetpos
__p__commode
fgets
fgetc
fflush
fclose
_lseeki64
_get_stream_buffer_pointers
feof
fputs
_write
fopen
__acrt_iob_func
_wfopen
__stdio_common_vsnprintf_s
_set_fmode
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vfprintf
ftell
fseek

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-math-l1-1-0

cosf
floorf
fabs
tanf
sinf
ceilf
atan2
asin
powf
pow
atan2f
_dclass
sqrtf
fmodf
__setusermatherr

api-ms-win-crt-convert-l1-1-0

strtoul
strtoull
strtoll
atof
atoi
strtod
strtol

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

Sections

.text
Size: 973KB - Virtual size: 973KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VMProtectSDK64.dll
.dll windows:5 windows x64 arch:x64

Password: infected

1851ff453adce0cef5274e320d5bed3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

IsDebuggerPresent
GetLocalTime
GetTickCount
GetModuleFileNameW
GetPrivateProfileStringW
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetStringTypeW
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
HeapReAlloc
GetConsoleMode
FlushFileBuffers
WriteFile
GetConsoleCP
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
RaiseException

Exports

Exports

VMProtectActivateLicense
VMProtectBegin
VMProtectBeginMutation
VMProtectBeginUltra
VMProtectBeginUltraLockByKey
VMProtectBeginVirtualization
VMProtectBeginVirtualizationLockByKey
VMProtectDeactivateLicense
VMProtectDecryptStringA
VMProtectDecryptStringW
VMProtectEnd
VMProtectFreeString
VMProtectGetCurrentHWID
VMProtectGetOfflineActivationString
VMProtectGetOfflineDeactivationString
VMProtectGetSerialNumberData
VMProtectGetSerialNumberState
VMProtectIsDebuggerPresent
VMProtectIsProtected
VMProtectIsValidImageCRC
VMProtectIsVirtualMachinePresent
VMProtectSetSerialNumber

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
injector.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:/Users/frog/frog/frog/frog.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

64ca8e2ee482262cfc5ea4260d6535f8

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

gdi32

advapi32

shell32

vmprotectsdk64

msvcp140

ntdll

imm32

d3d9

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 973KB - Virtual size: 973KB

.rdata Size: 183KB - Virtual size: 183KB

.data Size: 9KB - Virtual size: 15KB

.pdata Size: 32KB - Virtual size: 31KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 3KB - Virtual size: 2KB

Password: infected

1851ff453adce0cef5274e320d5bed3c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 4KB - Virtual size: 3KB

.gfids Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 24B

.text
Size: 973KB - Virtual size: 973KB

.rdata
Size: 183KB - Virtual size: 183KB

.data
Size: 9KB - Virtual size: 15KB

.pdata
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 3KB

.gfids
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 24B