61715d713b7173cf85315e3ae3b7b018[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

61715d713b7173cf85315e3ae3b7b018.bin
Size

2.7MB
MD5

0474ac3a974e0fed66aa7c57e6ebcde4
SHA1

546adea310412855b974b8d2dc268127d6001e9a
SHA256

81a485752c6e63be5440402545b8a1f17f1fba1958ac7ae3b09d1c79166ec398
SHA512

0a1e171192a73dfc1e85a20a674a18a004ae414893e9e60e0608ae6a0c5a897cc81dcd9c23877ee683dbf405516c2e08cdd06d1d1c38df697b96b5bbbb8d81a1
SSDEEP

49152:Kz6pn+ZoMic7WqTTE2/elBfF9ziSz/Q90E5Xf4/0G5SCNhxh6iqKUnU0F:y6p6cqTTEaI9Xz/Q90E5Q/0G5fxh6jUK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ca2c9bb5e8bfcf10b71d815076af0eb537dbb3a9c817627d851bd9455226d0e4.exe

Files

61715d713b7173cf85315e3ae3b7b018.bin
.zip

Password: infected
ca2c9bb5e8bfcf10b71d815076af0eb537dbb3a9c817627d851bd9455226d0e4.exe
.exe windows:5 windows x86 arch:x86

Password: infected

fda008a3a960b69a543f012b10072e00

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
CopyFileW
GetCurrentProcess
HeapFree
GetProcessHeap
GetLastError
CloseHandle
ExitProcess
GetFileSize
GetNativeSystemInfo
FindResourceW
FreeLibrary
LoadResource
CreateDirectoryW
GetModuleHandleW
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
SetFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
MulDiv
FreeResource
IsBadCodePtr
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetVersion
GetCommandLineA
GetPrivateProfileStringA
WritePrivateProfileStringA
InitializeCriticalSection
CreateMutexA
OpenMutexA
lstrcpyn
QueryPerformanceFrequency
GetExitCodeThread
LoadLibraryA
VirtualAllocEx
VirtualAlloc
LoadLibraryW
VirtualFreeEx
CreateRemoteThread
VirtualFree
DuplicateHandle
ProcessIdToSessionId
GetCurrentDirectoryW
GetTempPathW
TerminateThread
WaitForSingleObject
WritePrivateProfileStringW
CreateThread
GetWindowsDirectoryA
GetVolumeInformationA
RtlMoveMemory
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
SetFileAttributesW
WriteConsoleA
SetStdHandle
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetCurrentProcessId
DeleteFileW
GetCurrentThreadId
IsDebuggerPresent
DeviceIoControl
LockResource
GetLocalTime
GetProcAddress
RaiseException
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
ReadFile
TerminateProcess
GetConsoleCP
SetFilePointer
CreateProcessW
GetPrivateProfileStringW
IsBadWritePtr
SizeofResource
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetModuleFileNameA
GetStdHandle
HeapReAlloc
EnterCriticalSection
WideCharToMultiByte
OpenProcess
WriteFile
IsBadReadPtr
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MoveFileExW
WriteProcessMemory
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
HeapAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostQuitMessage
GetParent
IsIconic
MonitorFromWindow
SetWindowPos
GetSystemMetrics
GetMonitorInfoW
GetWindow
ReleaseDC
GetWindowDC
IsWindow
WindowFromPoint
FlashWindowEx
SetForegroundWindow
SetCapture
PtInRect
GetCursorPos
SetCursor
ReleaseCapture
UnregisterHotKey
RegisterHotKey
SetTimer
KillTimer
LoadImageW
GetCursor
ShowWindow
SetWindowTextW
GetClientRect
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
PeekMessageA
DefWindowProcW
SetWindowLongW
DispatchMessageW
SetFocus
GetMessageW
EnableWindow
SendMessageW
CallWindowProcW
GetPropW
SetPropW
RegisterClassW
LoadCursorW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
OffsetRect
UnionRect
wvsprintfW
GetWindowRgn
MoveWindow
DestroyWindow
GetKeyState
InvalidateRect
ScreenToClient
GetDC
CharNextW
GetFocus
MapWindowPoints
IntersectRect
GetUpdateRect
IsRectEmpty
EndPaint
BeginPaint
GetActiveWindow
IsZoomed
SetWindowRgn
MessageBoxW
GetWindowTextW
GetWindowTextLengthW
GetCaretPos
GetCaretBlinkTime
FillRect
InvalidateRgn
ClientToScreen
GetGUIThreadInfo
CreateAcceleratorTableW
DrawTextW
CharPrevW
SetRect
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetSysColor
UnhookWindowsHookEx
EnumWindows
GetWindowThreadProcessId
GetClassNameW
IsWindowVisible
GetWindowLongW
PostMessageW
SetDoubleClickTime
GetWindowRect

gdi32

GetTextExtentPoint32W
GetCharABCWidthsW
GdiFlush
TextOutW
RoundRect
CreatePenIndirect
LineTo
SetBkColor
ExtTextOutW
SetStretchBltMode
SetBkMode
StretchBlt
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
GetDeviceCaps
PtInRegion
CreateRectRgn
DeleteDC
CreateCompatibleDC
CreateDIBSection
GetTextMetricsW
CreateFontIndirectW
GetObjectW
SetWindowOrgEx
RestoreDC
BitBlt
SaveDC
CreateCompatibleBitmap
CreateRoundRectRgn
GetObjectA
CreateSolidBrush
CreatePatternBrush
SetTextColor
MoveToEx
DeleteObject
Rectangle
GetStockObject
SelectObject
CreatePen
SetROP2

advapi32

OpenProcessToken
GetTokenInformation
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
OpenServiceW
LookupPrivilegeValueW
StartServiceW
AdjustTokenPrivileges

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CLSIDFromProgID
CoInitialize
CoUninitialize
CLSIDFromString
OleLockRunning
CoCreateInstance

iphlpapi

GetInterfaceInfo
GetAdaptersInfo
GetExtendedTcpTable
IpRenewAddress

ws2_32

ntohs

shlwapi

PathFileExistsW

psapi

GetModuleFileNameExW

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle

comctl32

_TrackMouseEvent
ord17

imm32

ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

gdiplus

GdipGetPropertyItem
GdipDeleteFontFamily
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipCloneImage
GdipCloneBrush
GdipGetFamily
GdipCreateFontFromLogfontA
GdiplusShutdown
GdipFree
GdipAlloc
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteGraphics
GdipDeleteFont
GdipDisposeImage
GdipCreateBitmapFromScan0
GdiplusStartup
GdipCreateLineBrushI
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipSetCompositingQuality
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipGraphicsClear
GdipDrawString
GdipDrawImage
GdipDrawImageRectI
GdipCreateFontFromDC

Sections

.text
Size: - Virtual size: 670KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SP0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.SP1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 666KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

fda008a3a960b69a543f012b10072e00

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

iphlpapi

ws2_32

shlwapi

psapi

wininet

comctl32

imm32

oleaut32

gdiplus

Sections

.text Size: - Virtual size: 670KB

.rdata Size: - Virtual size: 104KB

.data Size: - Virtual size: 100KB

.SP0 Size: - Virtual size: 1.6MB

.SP1 Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 512B - Virtual size: 96B

.rsrc Size: 20KB - Virtual size: 666KB

.text
Size: - Virtual size: 670KB

.rdata
Size: - Virtual size: 104KB

.data
Size: - Virtual size: 100KB

.SP0
Size: - Virtual size: 1.6MB

.SP1
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 512B - Virtual size: 96B

.rsrc
Size: 20KB - Virtual size: 666KB