287d2d8c6dc43061b992fd4767cac641[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

287d2d8c6dc43061b992fd4767cac641.bin
Size

1.9MB
MD5

994f5d58b51f8022bec2cf50d59bd98d
SHA1

75a177cb612f83f80f19acf7216df10175a6615e
SHA256

7d8285951954c16c642afbf893593f1e7bc8c62f691adf9028997f032fb5917e
SHA512

872a8bc6d88f6d0e2ed762c2670757704a70be8038fe3f856ebc30be49ff01712b59a41d01be04bb97eeec29eda6ba6b1cfde7188f776dec9f701800a7305e69
SSDEEP

49152:fFubKrEdwIRyQSCAKS3cHxqk/a91kyOQNM1tACZxsC:CKrEdDSjKS3cRPGHa1gC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473.exe

Files

287d2d8c6dc43061b992fd4767cac641.bin
.zip

Password: infected
d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473.exe
.exe windows:6 windows x86 arch:x86

Password: infected

dbcf2a4deb216c4be49068990ac64d93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\exe\Win32\Release\procexp.pdb

Imports

shlwapi

PathIsNetworkPathW
StrCmpIW
SHAutoComplete
ColorHLSToRGB
ColorRGBToHLS
StrStrIW
ord176
UrlUnescapeW

iphlpapi

GetExtendedTcpTable
GetExtendedUdpTable

ws2_32

htons
ntohl
ntohs
htonl
gethostbyaddr
getservbyport
WSAStartup

mpr

WNetGetConnectionW

comctl32

ImageList_ReplaceIcon
ImageList_Add
InitCommonControlsEx
ImageList_Destroy
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ord17
PropertySheetW
CreateStatusWindowW
ord413
CreatePropertySheetPageW
ImageList_GetIcon
ord410

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

credui

CredUIPromptForCredentialsW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

crypt32

CertDuplicateCertificateContext
CertGetNameStringW

aclui

ord1

powrprof

SetSuspendState
IsPwrSuspendAllowed
IsPwrHibernateAllowed

wtsapi32

WTSDisconnectSession
WTSSendMessageW
WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSLogoffSession
WTSFreeMemory

uxtheme

OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
SetWindowTheme
EnableThemeDialogTexture

ntdll

NtSetInformationProcess
VerSetConditionMask
NtLoadDriver
NtCreateKey
NtOpenKey
NtQuerySymbolicLinkObject
NtQueryEvent
NtQueryMutant
NtQuerySystemInformation
NtQueryInformationThread
NtQuerySection
NtResumeThread
NtSuspendProcess
NtResumeProcess
NtOpenThread
RtlCreateQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
NtOpenSymbolicLinkObject
NtQueryInformationProcess
NtQueryObject
NtQuerySemaphore
NtSuspendThread
RtlUnwind

gdi32

GetDeviceCaps
GetStockObject
LineTo
RectInRegion
SelectClipRgn
SelectObject
GetBkMode
SetDCPenColor
SetBkMode
SetTextColor
GetTextMetricsW
MoveToEx
Polyline
ExtTextOutW
SetViewportOrgEx
CreateFontIndirectW
GetTextExtentPoint32W
Rectangle
SetTextAlign
TextOutW
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
CreateBitmap
CreatePatternBrush
ExcludeClipRect
GetCurrentObject
PatBlt
Polygon
GetTextExtentExPointW
RestoreDC
SaveDC
SetROP2
GetBkColor
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
GetObjectW
CreateDIBSection
SetBkColor

comdlg32

PrintDlgW
ChooseFontW
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW
FindTextW

kernel32

GetLongPathNameW
WriteFile
CloseHandle
GetLastError
SetErrorMode
InitializeCriticalSection
Sleep
GetCurrentProcess
ExitThread
TlsAlloc
TlsSetValue
CreateProcessW
OpenProcess
GetVersion
GetSystemWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
IsWow64Process
GetSystemWow64DirectoryW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LocalFree
FormatMessageA
lstrlenW
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetNumberFormatW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindFirstFileW
GetFileAttributesW
GetPrivateProfileStringW
FreeLibrary
ExitProcess
ReadFile
MultiByteToWideChar
FindClose
FindNextFileW
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
GetCurrentThread
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
CreateThread
GetExitCodeThread
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
SetLastError
GetVersionExW
GetFileSizeEx
LoadLibraryW
GetTickCount
MulDiv
GlobalAddAtomW
GlobalAlloc
GlobalUnlock
GlobalLock
GetPrivateProfileIntW
GetFileTime
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentThreadId
DeleteFileW
GetTempFileNameW
GetTempPathW
GetThreadId
FormatMessageW
GetCommandLineW
GetFileType
LocalAlloc
TerminateThread
GlobalReAlloc
Module32FirstW
Module32NextW
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
IsBadStringPtrW
OpenEventW
VerifyVersionInfoW
GetEnvironmentVariableW
ReadProcessMemory
lstrcmpiW
GetSystemDirectoryW
SearchPathW
SetFilePointer
GetCurrentProcessId
IsProcessorFeaturePresent
VirtualQueryEx
OpenThread
ResumeThread
GetThreadContext
Thread32First
Thread32Next
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
IsBadReadPtr
TerminateProcess
SetPriorityClass
ProcessIdToSessionId
GetProcessId
GlobalMemoryStatusEx
GetLogicalProcessorInformation
SetProcessWorkingSetSize
GlobalFree
PulseEvent
GetComputerNameW
WTSGetActiveConsoleSessionId
GetCurrentDirectoryW
GetDriveTypeW
OutputDebugStringW
DuplicateHandle
DeviceIoControl
VirtualAlloc
VirtualFree
GetProcessWorkingSetSize
TrySubmitThreadpoolCallback
IsProcessInJob
CreateJobObjectW
QueryInformationJobObject
GetThreadGroupAffinity
SetThreadGroupAffinity
GlobalMemoryStatus
GetProcessAffinityMask
SetProcessAffinityMask
GetActiveProcessorGroupCount
GetActiveProcessorCount
WideCharToMultiByte
K32GetModuleFileNameExW
K32GetMappedFileNameW
K32QueryWorkingSet
DecodePointer
GetStartupInfoW
GetThreadIdealProcessorEx
GetTickCount64
QueryThreadCycleTime
SystemTimeToTzSpecificLocalTime
GetNativeSystemInfo
GetConsoleCP
LCMapStringEx
GetStringTypeW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetSystemInfo
VirtualProtect
VirtualQuery
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
GetFileSize
FileTimeToLocalFileTime
CreateFileW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetStdHandle
TlsGetValue
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsFree
FreeLibraryAndExitThread
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
SetEndOfFile
WriteConsoleW
GetFullPathNameW
RaiseException
GetModuleHandleExW
LoadLibraryExW

user32

CheckDlgButton
IsDlgButtonChecked
EnableWindow
ModifyMenuW
TrackPopupMenu
SetMenuInfo
InvalidateRgn
EnumWindows
CopyAcceleratorTableW
TranslateAcceleratorW
DrawMenuBar
IsDialogMessageW
GetMenuBarInfo
ShowWindowAsync
IsIconic
EndTask
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ExitWindowsEx
SetLayeredWindowAttributes
CreateDialogParamW
GetDlgItemTextW
CreateMenu
GetMenuInfo
EndMenu
LoadIconW
LockWorkStation
IsHungAppWindow
SendMessageTimeoutW
SetDlgItemInt
CheckRadioButton
MsgWaitForMultipleObjects
GetGuiResources
CharNextW
GetWindowPlacement
MonitorFromPoint
CheckMenuRadioItem
GetWindow
GetDesktopWindow
SetRectEmpty
WindowFromPoint
ClientToScreen
SetCursorPos
MessageBeep
AdjustWindowRectEx
AllowSetForegroundWindow
SetMenuDefaultItem
GetMenuItemInfoW
TrackPopupMenuEx
RemoveMenu
AppendMenuW
GetMenuItemCount
GetMenuItemID
EnableMenuItem
CreatePopupMenu
GetMenuStringW
LoadMenuW
LoadAcceleratorsW
GetDlgCtrlID
SetWindowPlacement
IsWindow
PostQuitMessage
GetMessagePos
PeekMessageW
DrawEdge
TrackMouseEvent
LoadStringA
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
CreateIconIndirect
DestroyWindow
EnumChildWindows
UnionRect
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DrawFrameControl
DialogBoxParamW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
GetAncestor
GetWindowModuleFileNameW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
SetClassLongW
PtInRect
FrameRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
GetWindowDC
IsWindowEnabled
IsZoomed
IsWindowVisible
MoveWindow
IsChild
GetSysColorBrush
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
KillTimer
GetClassInfoExW
UnregisterClassW
DrawIconEx
GetSysColor
SetMenuItemInfoW
DestroyMenu
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetScrollInfo
SetScrollInfo
GetClassLongW
SetWindowLongW
GetWindowLongW
OffsetRect
IntersectRect
InflateRect
CopyRect
SetRect
FillRect
MapWindowPoints
GetCursorPos
SendMessageW
WaitForInputIdle
ShowWindow
SetFocus
GetSystemMetrics
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
DeleteMenu
SetForegroundWindow
GetWindowRect
GetClientRect
GetPropW
SetPropW
ScrollWindowEx
ValidateRect
InvalidateRect
EndPaint
UpdateWindow
DrawTextW
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetFocus
SetWindowPos
CreateWindowExW
RegisterClassExW
MessageBoxW
SetCursor
FindWindowW
FindWindowExW
GetWindowThreadProcessId
LoadCursorW
DestroyIcon
LoadImageW
EnumDisplaySettingsW
GetDC
ReleaseDC
LoadStringW
PostMessageW
SetDlgItemTextW
GetParent
DefWindowProcW
CallWindowProcW
BeginPaint

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
DuplicateTokenEx
EqualSid
FreeSid
GetTokenInformation
ImpersonateLoggedOnUser
CreateRestrictedToken
GetAce
GetSidIdentifierAuthority
RevertToSelf
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeAcl
IsValidSid
SetTokenInformation
GetSecurityInfo
SetSecurityInfo
LookupAccountSidW
LookupAccountNameW
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaEnumerateAccountRights
ConvertSidToStringSidW
FlushTraceW
RegConnectRegistryW
CreateProcessAsUserW
GetKernelObjectSecurity
OpenProcessToken
LookupPrivilegeNameW
EnumServicesStatusExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegEnumKeyExW
SetEntriesInAclW
AddAccessAllowedAce
QueryServiceConfigW
GetLengthSid
CopySid
CloseTrace
ProcessTrace
OpenTraceW
ControlTraceW
StartTraceW
SetServiceObjectSecurity
QueryServiceObjectSecurity
LookupPrivilegeValueW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
MapGenericMask
RegGetValueW
RegCreateKeyW
StartServiceW
QueryServiceStatus
ControlService
QueryServiceConfig2W
SetKernelObjectSecurity
RegCloseKey
OpenServiceW
OpenSCManagerW
RegLoadKeyW
RegOpenKeyW
RegOpenKeyExW
GetServiceDisplayNameW
CloseServiceHandle
RegDeleteValueW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryValueW
RegUnLoadKeyW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
AddAce

shell32

Shell_NotifyIconW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
ExtractAssociatedIconW
ShellExecuteW
SHBrowseForFolderW
ExtractIconExW
SHGetStockIconInfo
SHGetFolderPathW
SHGetFileInfoW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoSetProxyBlanket
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoGetInterfaceAndReleaseStream

oleaut32

SafeArrayGetElement
VarUI4FromStr
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayDestroy

msimg32

GradientFill

dwmapi

DwmDefWindowProc
DwmSetWindowAttribute

winhttp

WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpSetOption

Sections

.text
Size: 997KB - Virtual size: 1000KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

dbcf2a4deb216c4be49068990ac64d93

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

iphlpapi

ws2_32

mpr

comctl32

version

credui

setupapi

crypt32

aclui

powrprof

wtsapi32

uxtheme

ntdll

gdi32

comdlg32

kernel32

user32

advapi32

shell32

ole32

oleaut32

msimg32

dwmapi

winhttp

Sections

.text Size: 997KB - Virtual size: 1000KB

.rdata Size: 226KB - Virtual size: 228KB

.data Size: 43KB - Virtual size: 248KB

.rsrc Size: 3.6MB - Virtual size: 3.6MB

.text
Size: 997KB - Virtual size: 1000KB

.rdata
Size: 226KB - Virtual size: 228KB

.data
Size: 43KB - Virtual size: 248KB

.rsrc
Size: 3.6MB - Virtual size: 3.6MB