a6a9681c39ff5b8f64011964b0093d20[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

a6a9681c39ff5b8f64011964b0093d20.bin
Size

10.3MB
MD5

41d79e58d67eec463c510d821b1a1797
SHA1

42fda25717e4d25c323ca31e42bef9287064fb74
SHA256

13acbbad718f50ac85857cde9bb4912d4d10bfa36ea3d1ed0f4788cd1f8c1dd1
SHA512

826b190439978b2bb1ee1b3acd429601e2b280bd418c4cb942ef6361ce55f2cc564f80931ffb28ac77b27d43449382c203805a161733b265fa3196457f48f103
SSDEEP

196608:gbK+3bHU+QWkuXMm/Uo22VaOxUZtTdMa1wRCj1AOinUANaBWenU:oK+rHUVuXMdGUTG4ZvinUhBWAU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/aa1b1b391ecb8af9b4c444cd40db0ab270a5e735632551ba0e8ae0780e48d956.exe

Files

a6a9681c39ff5b8f64011964b0093d20.bin
.zip

Password: infected
aa1b1b391ecb8af9b4c444cd40db0ab270a5e735632551ba0e8ae0780e48d956.exe
.dll windows:6 windows x64 arch:x64

Password: infected

32db32733ce59cf2385286705a3a0db2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\EtoShinya\source\repos\M\x64\Release\minty.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

SizeofResource
FindResourceA
LockResource
LoadResource
AllocConsole
SetConsoleTextAttribute
GetStdHandle
GetModuleFileNameA
GetCurrentProcess
Sleep
CreateFileA
GetProcAddress
lstrcmpiW
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
FreeLibrary
QueryPerformanceCounter
LoadLibraryExA
FormatMessageA
CreateThread
GetCurrentThreadId
QueueUserAPC
GetModuleHandleW
OpenThread
FreeResource
GetCurrentThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualQuery
SetLastError
AreFileApisANSI
LocalFree
GetModuleFileNameW
lstrlenW
WaitNamedPipeW
GetCurrentProcessId
CloseHandle
GetLastError
CreateFileW
PeekNamedPipe
WriteFile
ReadFile
GetConsoleWindow
ExitProcess
GetLocaleInfoEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
MultiByteToWideChar
VirtualProtect
GetModuleHandleA
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
SuspendThread
GetTickCount64

user32

SetCursor
ShowWindow
SetCapture
CloseClipboard
GetForegroundWindow
GetKeyboardLayout
TrackMouseEvent
ClientToScreen
EmptyClipboard
GetCapture
LoadCursorA
GetMessageExtraInfo
GetKeyState
FindWindowA
IsWindowUnicode
ReleaseCapture
GetClientRect
GetClipboardData
SetClipboardData
ScreenToClient
CallWindowProcA
EnumWindows
SetCursorPos
GetClassNameA
DefWindowProcA
CreateWindowExA
GetWindowThreadProcessId
GetCursorPos
OpenClipboard
RegisterClassExA
SetWindowLongPtrA

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW

shell32

ShellExecuteA

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Xbad_function_call@std@@YAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
_Mtx_current_owns
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Xtime_get_ticks
_Mtx_unlock
_Cnd_broadcast
?_Xout_of_range@std@@YAXPEBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Winerror_map@std@@YAHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_SDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_S1AEAPEB_SPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
_Query_perf_frequency
_Query_perf_counter
_Strxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xbad_alloc@std@@YAXXZ
??0_Locinfo@std@@QEAA@PEBD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??1_Locinfo@std@@QEAA@XZ

msvcp140_codecvt_ids

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
NtProtectVirtualMemory
NtQuerySection

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow

d3dcompiler_47

D3DCompile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
__std_exception_destroy
memchr
__std_exception_copy
__std_terminate
__C_specific_handler
strchr
strstr
longjmp
strrchr
memcpy
memset
__current_exception
__current_exception_context
__intrinsic_setjmp
_CxxThrowException
__std_type_info_destroy_list
memcmp

api-ms-win-crt-stdio-l1-1-0

fflush
tmpnam
fclose
fgetc
fwrite
__stdio_common_vswprintf
__stdio_common_vfprintf
__stdio_common_vsprintf
fgetpos
setvbuf
__acrt_iob_func
__stdio_common_vsprintf_s
ungetc
_ftelli64
_popen
tmpfile
_get_stream_buffer_pointers
_pclose
clearerr
fgets
_fseeki64
getc
fopen
ferror
freopen
fread
__stdio_common_vsscanf
ftell
fsetpos
fseek
fputc
feof
_wfopen

api-ms-win-crt-heap-l1-1-0

free
_callnewh
realloc
malloc

api-ms-win-crt-convert-l1-1-0

strtoull
atof
strtoul
strtoll
strtod

api-ms-win-crt-filesystem-l1-1-0

rename
_unlock_file
remove
_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale
___lc_codepage_func

api-ms-win-crt-runtime-l1-1-0

strerror
system
abort
_invalid_parameter_noinfo_noreturn
terminate
_beginthreadex
exit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_errno
_wassert
_invalid_parameter_noinfo

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
strftime
_difftime64
clock
_mktime64
_localtime64

api-ms-win-crt-string-l1-1-0

tolower
ispunct
isblank
isspace
islower
isalnum
strncmp
isupper
toupper
isdigit
isxdigit
strpbrk
isgraph
strspn
isalpha
iscntrl
strcmp
strcoll
strncpy

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-math-l1-1-0

ldexp
sqrt
sinf
sin
powf
tan
pow
_dclass
acos
acosf
asin
atan2
atan2f
ceil
ceilf
cos
cosf
exp
sqrtf
floor
_dsign
floorf
logf
log10
log
fmodf
fmod
frexp

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

32db32733ce59cf2385286705a3a0db2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

kernel32

user32

advapi32

shell32

msvcp140

msvcp140_codecvt_ids

ntdll

imm32

d3dcompiler_47

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 10.6MB - Virtual size: 10.6MB

.data Size: 10KB - Virtual size: 252KB

.pdata Size: 50KB - Virtual size: 50KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 6.6MB - Virtual size: 6.6MB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 10.6MB - Virtual size: 10.6MB

.data
Size: 10KB - Virtual size: 252KB

.pdata
Size: 50KB - Virtual size: 50KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 6.6MB - Virtual size: 6.6MB

.reloc
Size: 5KB - Virtual size: 5KB