9d5bfd93e798839b1dbaa36916a20518263f0068f1df0463d5417e557ed23e27[.]bin[.]sample

Sharing

Copy URL Twitter E-mail

General

Target

9d5bfd93e798839b1dbaa36916a20518263f0068f1df0463d5417e557ed23e27.bin.sample
Size

295KB
MD5

15b107e4c9da26ef4ce536bcefe2aac0
SHA1

c9d4314abc5860978948fa6bcad1a1c509118ef8
SHA256

9d5bfd93e798839b1dbaa36916a20518263f0068f1df0463d5417e557ed23e27
SHA512

f4f51b1f10e6afcca95bc77308c62f2efb9102909436015728f2304ebec8e3e27bc7bf8b6c471a21a33914b51bca909db7ff6045343667593ed23c292ac32135
SSDEEP

6144:3G8AKlyVC4rfwCHwZurNiBhYxKd3TQvgzjwo+wlsDEo43dgAWi:3oKf4rLHVrUwxMkvgzjwoj+DE4AWi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d5bfd93e798839b1dbaa36916a20518263f0068f1df0463d5417e557ed23e27.bin.sample

Files

9d5bfd93e798839b1dbaa36916a20518263f0068f1df0463d5417e557ed23e27.bin.sample
.exe windows:5 windows x86 arch:x86

e1d5b45e01071ca5f14551a8a2bff6f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

rand
memmove
srand
memcmp
memcpy
_time64
memset
_lseek
tolower
strchr
strncmp
_strcmpi

ws2_32

__WSAFDIsSet
WSAStartup
gethostbyname
WSASend
gethostname
socket
setsockopt
send
select
connect
accept
bind
closesocket
recv
listen
htons
htonl
shutdown

wininet

HttpSendRequestExA
HttpSendRequestW
InternetCanonicalizeUrlA
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA
InternetQueryOptionA
InternetWriteFile

winscard

SCardGetAttrib
SCardEstablishContext
SCardReleaseContext
SCardListReadersA
SCardGetStatusChangeA
SCardConnectA
SCardDisconnect
SCardBeginTransaction
SCardEndTransaction
SCardStatusA
SCardTransmit
SCardControl

cabinet

ord10
ord13
ord11
ord14

iphlpapi

GetIpForwardTable
GetAdaptersInfo

psapi

GetModuleFileNameExA

kernel32

HeapReAlloc
LoadLibraryExW
GetStringTypeW
LCMapStringW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
CreateFileW
SetFilePointerEx
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
CreateFileA
RaiseException
SetErrorMode
Sleep
GetCurrentProcess
GetCurrentProcessId
ExitProcess
TerminateProcess
lstrcatA
lstrlenA
GetFileTime
SetFileTime
CloseHandle
GetLastError
CreateMutexA
OpenProcess
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
lstrcpyA
FindClose
FindFirstFileA
FindNextFileA
lstrcmpiA
MultiByteToWideChar
DeleteFileA
GetFileAttributesA
SetFileAttributesA
GetFileSize
ReadFile
WriteFile
GetTempPathA
MoveFileA
CreateThread
TerminateThread
GetSystemTime
SystemTimeToFileTime
HeapAlloc
HeapFree
GetProcessHeap
DuplicateHandle
GetProcessTimes
GetCurrentThread
CreateProcessA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetVersionExA
GetProcAddress
SetEvent
WaitForSingleObjectEx
CreateEventA
GetTickCount
GetProcessId
MapViewOfFile
UnmapViewOfFile
LocalFree
CreateFileMappingA
GetCurrentThreadId
GlobalLock
GlobalUnlock
FileTimeToSystemTime
CreateRemoteThread
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
WideCharToMultiByte
SetLastError
ResumeThread
MoveFileExA
GetDriveTypeA
GetLogicalDrives
OutputDebugStringA
OpenMutexA
lstrlenW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeviceIoControl
LoadLibraryA
ReleaseMutex
GetExitCodeThread
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeA
FlushFileBuffers
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
EncodePointer
DecodePointer
RtlUnwind
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetModuleHandleExW
HeapSize
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter

user32

ExitWindowsEx
DefWindowProcA
EmptyClipboard
MessageBoxA
GetWindowLongW
GetWindow
GetClassNameA
EnumWindows
FindWindowExA
GetParent
SetWindowLongA
wsprintfA
FindWindowA
GetWindowThreadProcessId
wvsprintfA
GetKeyboardLayout
CallWindowProcA
IsWindow
OpenClipboard
CloseClipboard
GetClipboardData
GetKeyboardState
ToAsciiEx
GetWindowTextA
GetWindowTextLengthA
EnumChildWindows
SendMessageA
IsWindowVisible

gdi32

DeleteObject
DeleteDC
GetDeviceCaps
CreateCompatibleDC
BitBlt
SelectObject
CreateDIBSection
GetDIBColorTable
CreateDCA

shell32

SHGetFolderPathA
ShellExecuteA

ole32

CoCreateInstance
CoInitialize

advapi32

SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
LookupPrivilegeValueA
LookupAccountSidA
IsValidSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
AdjustTokenPrivileges
GetUserNameA
OpenProcessToken

Sections

.text
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1d5b45e01071ca5f14551a8a2bff6f4

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ws2_32

wininet

winscard

cabinet

iphlpapi

psapi

kernel32

user32

gdi32

shell32

ole32

advapi32

Sections

.text Size: 215KB - Virtual size: 215KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 11KB - Virtual size: 20KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 215KB - Virtual size: 215KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 11KB - Virtual size: 20KB

.reloc
Size: 13KB - Virtual size: 13KB