fa5609f36bc3fc02ddac994f5756f039[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

fa5609f36bc3fc02ddac994f5756f039.bin
Size

1.0MB
MD5

ca8797288ad64ace77bb1ccc83f63c2b
SHA1

58cfa736d0042e42ed92f0adc3e0e81498f6675d
SHA256

51a22d66c3057e57a577ac89717fd2a18bd7e50fbaa4af21c7fb1cb3d08dcb49
SHA512

11d8aa2c1d1a56520b71b728ae2d99e324a10f4783d73517881cf09e2297ef0e7f3436f484a87459d3ae8af2886e2003d6e1d781e5282aaa1093e33f3acbac03
SSDEEP

24576:N1ZR/Z8aFUJyM9WKeyybRdGO1L4ku0G0lw3Ylu0BH8:HfR8CLYEoO1ZG0Gl018

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6c8b2d238fd8b62ad29fbd8dcf173953bedbdb2c54af554333b4ebaafc3631fb.exe

Files

fa5609f36bc3fc02ddac994f5756f039.bin
.zip

Password: infected
6c8b2d238fd8b62ad29fbd8dcf173953bedbdb2c54af554333b4ebaafc3631fb.exe
.dll windows:6 windows x64 arch:x64

Password: infected

4bdcdd1a8b738a6b15e86d19fc355a7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Next\Project Reboot 3.0\x64\Release\Project Reboot 3.0.pdb

Imports

oleaut32

OleLoadPicture

user32

MessageBoxA
GetKeyState
PostQuitMessage
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
TranslateMessage
LoadCursorW
PeekMessageW
CreateIconIndirect
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
DispatchMessageW
GetCursorPos
ShowWindow
OpenClipboard
CloseClipboard
RegisterClassExW
EmptyClipboard
GetClipboardData
SetClipboardData
UnregisterClassW
SendMessageW
CreateWindowExW
GetWindowRect
DefWindowProcW
UpdateWindow

kernel32

QueryPerformanceCounter
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
WriteFile
VirtualAlloc
GetDynamicTimeZoneInformation
GetCurrentThreadId
GetConsoleMode
GetCurrentProcessId
VirtualFree
SuspendThread
GetCurrentThread
GetModuleHandleW
VirtualProtect
SetConsoleTitleA
GetCurrentDirectoryW
InitializeSListHead
Sleep
GetFileAttributesA
IsDebuggerPresent
IsProcessorFeaturePresent
CreateThread
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
RtlCaptureContext
CreateEventW
AllocConsole
VirtualQuery
ResetEvent
IsBadReadPtr
SetEvent
InitializeCriticalSectionAndSpinCount
FormatMessageA
LocalFree
MultiByteToWideChar
GetSystemInfo
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
Thread32Next
Thread32First
CreateToolhelp32Snapshot
SleepEx
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
OpenThread
GetCurrentProcess
HeapFree
HeapReAlloc
HeapAlloc
GetSystemDirectoryA
HeapCreate
GlobalAlloc
GlobalFree
GlobalLock
GetLocaleInfoEx
GetLastError
SetLastError
FormatMessageW
WideCharToMultiByte
MoveFileExA
GlobalUnlock
CloseHandle
WaitForSingleObjectEx
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
AreFileApisANSI
VerifyVersionInfoW
CreateFileA
GetFileSizeEx

gdi32

DeleteObject

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitialize

ws2_32

WSAEventSelect
WSAResetEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
gethostname
ioctlsocket
WSACreateEvent
WSACloseEvent
WSAGetLastError
__WSAFDIsSet
sendto
select
WSASetLastError
bind
connect
recvfrom
getpeername
freeaddrinfo
getsockname
getsockopt
htons
ntohs
setsockopt
getaddrinfo
WSAIoctl
inet_pton
WSAStartup
WSACleanup
accept
closesocket
recv
send
socket
ntohl
htonl
listen

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptImportKey
CryptEncrypt
CryptDestroyKey

crypt32

CertOpenStore
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertGetCertificateChain
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
ImmAssociateContextEx

msvcp140

?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Random_device@std@@YAIXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_signal
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Throw_C_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Thrd_id
_Xtime_get_ticks
_Thrd_join
_Mtx_unlock
_Cnd_destroy_in_situ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Strxfrm
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?narrow@?$ctype@_W@std@@QEBAPEB_WPEB_W0DPEAD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@PEAV32@@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sync_with_stdio@ios_base@std@@SA_N_N@Z

d3d9

Direct3DCreate9

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__C_specific_handler
__std_type_info_destroy_list
__current_exception_context
__current_exception
memchr
__std_terminate
strstr
strchr
__std_exception_destroy
__std_exception_copy
_purecall
strrchr
memcpy
memset
memmove
memcmp

api-ms-win-crt-stdio-l1-1-0

_wfopen
fwrite
__stdio_common_vfprintf
_lseeki64
fseek
fopen
fclose
__stdio_common_vsprintf
fgets
fflush
__acrt_iob_func
fread
__stdio_common_vsscanf
feof
fputs
_close
_get_stream_buffer_pointers
freopen_s
_write
_fseeki64
_read
fsetpos
__stdio_common_vsnprintf_s
ungetc
ftell
setvbuf
fgetpos
fgetc
_fsopen
__stdio_common_vsprintf_s
_open
fputc

api-ms-win-crt-string-l1-1-0

tolower
isdigit
strcspn
_strdup
toupper
strspn
strncpy
strcmp
strpbrk
isupper
strncmp

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-heap-l1-1-0

calloc
realloc
free
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initialize_narrow_environment
_initterm
_initterm_e
terminate
_configure_narrow_argv
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
__sys_errlist
__sys_nerr
_beginthreadex
_errno
_getpid
_initialize_onexit_table

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
strtoull
strtod
strtof
wcstombs
atoi
strtoll

api-ms-win-crt-time-l1-1-0

_localtime64_s
_gmtime64
_time64
strftime
_gmtime64_s

api-ms-win-crt-math-l1-1-0

_dclass
_fdclass
_ldclass
acosf
ceilf
cosf
fminf
floorf
fmaf
fmodf
_dsign
powf
_fdsign
roundf
_ldsign
sqrtf
sinf
floor

api-ms-win-crt-filesystem-l1-1-0

_mkdir
_unlock_file
_fstat64
_access
_unlink
_stat64
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 538KB - Virtual size: 537KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4bdcdd1a8b738a6b15e86d19fc355a7c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

user32

kernel32

gdi32

ole32

ws2_32

advapi32

crypt32

imm32

msvcp140

d3d9

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 538KB - Virtual size: 537KB

.data Size: 59KB - Virtual size: 77KB

.pdata Size: 51KB - Virtual size: 51KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 538KB - Virtual size: 537KB

.data
Size: 59KB - Virtual size: 77KB

.pdata
Size: 51KB - Virtual size: 51KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 8KB - Virtual size: 8KB