97bd3d9816410b54186241690570ea28[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

97bd3d9816410b54186241690570ea28.bin
Size

900KB
MD5

95b4ce049c306e9cbdc331bb543482c8
SHA1

b8c74ea2a6e4c18fd678eda8c60aaa27a5df864d
SHA256

68d356d37f4185eb70e88c0edd900ca4f7ff53ba24089b8af2155e433a0dfddf
SHA512

c8b482572d0a3081bbc8334cc19e70836590bc09dc2c7411ac230a8c3bfe1f6208118dc3a1b0d93680e223f6d338e0fd61e67e6f2032bdda89038407ff1e7d4b
SSDEEP

12288:hd2gOQ8/bazM6+Fk/BAf5LaPsemXZHKzOzL/XSinM1nw6hBIN85Yzl7Kdbq9W1Wr:h1OQ8/SM7wAfta/OzjMtiNz7K8W1WCOL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3234c53ead052ba5b32c84c5ed125813718b25686be066bc4141d9d6fa9d0bcf.exe

Files

97bd3d9816410b54186241690570ea28.bin
.zip

Password: infected
3234c53ead052ba5b32c84c5ed125813718b25686be066bc4141d9d6fa9d0bcf.exe
.exe windows:5 windows x86 arch:x86

Password: infected

656e4782cc18931342281e8311ff00f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
RtlUnwind
RaiseException
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetFileSizeEx
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetStartupInfoW
CreateFileW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThread
SetErrorMode
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetThreadLocale
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
GetCurrentProcessId
GetFileTime
GetModuleHandleA
SetLastError
GlobalFree
FormatMessageW
LocalFree
MulDiv
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
lstrlenA
GetTickCount
FreeLibrary
lstrlenW
GetLastError
LoadLibraryW
WideCharToMultiByte
GetProcAddress
WaitForSingleObject
ResetEvent
Sleep
FindClose
FindNextFileW
DeleteFileW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
FindFirstFileW
Process32NextW
SetProcessWorkingSetSize
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
CreateThread
MultiByteToWideChar
CreateEventW
CloseHandle
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
IsBadWritePtr
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
FindResourceW
LoadResource
LockResource
GetCPInfo
SizeofResource

user32

IsRectEmpty
CopyAcceleratorTableW
GetSysColorBrush
WindowFromPoint
GetMessageW
ValidateRect
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
DestroyMenu
CharNextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
MapVirtualKeyW
GetKeyNameTextW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
EqualRect
DefWindowProcW
CallWindowProcW
GetMenu
OffsetRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextW
GetFocus
SetFocus
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
CharUpperW
CopyRect
DispatchMessageW
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
SetCapture
UnregisterClassW
TranslateMessage
AdjustWindowRectEx
InvalidateRgn
PeekMessageW
TrackPopupMenu
ScreenToClient
SystemParametersInfoW
GetClientRect
UpdateWindow
KillTimer
IsWindow
IsWindowVisible
MoveWindow
MessageBoxW
SetCursor
CheckMenuItem
GetSubMenu
GetCursorPos
LoadMenuW
SetForegroundWindow
IsIconic
ReleaseCapture
ReleaseDC
UpdateLayeredWindow
SetWindowLongW
GetWindowLongW
GetDC
SetRect
SetTimer
GetSystemMetrics
LoadIconW
PostMessageW
ShowWindow
SetWindowPos
GetWindowRect
SetParent
LoadCursorW
EnableWindow
RegisterHotKey
UnregisterHotKey
InvalidateRect
PtInRect
SendMessageW
IntersectRect

gdi32

TextOutW
CreateFontIndirectW
CreateRectRgnIndirect
GetStockObject
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
CreateBitmap
RectVisible
PtVisible
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
GetMapMode
CreateCompatibleDC
GetWindowExtEx
GetViewportExtEx
GetObjectW
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
BitBlt
CreateCompatibleBitmap
ExtTextOutW

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
OpenProcessToken
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW

comctl32

_TrackMouseEvent

shlwapi

PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
CLSIDFromProgID
CoFreeUnusedLibraries
CLSIDFromString
OleUninitialize
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
VariantChangeType
VariantInit
SysAllocStringLen
VariantClear
SysAllocString
SysStringLen
SysFreeString

wininet

InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpAddRequestHeadersW
InternetQueryDataAvailable
HttpOpenRequestW
InternetConnectW
InternetSetFilePointer
HttpSendRequestW
InternetReadFile
InternetWriteFile
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
InternetCrackUrlW
InternetCanonicalizeUrlW

gdiplus

GdiplusStartup
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipDrawImageRectRect
GdipDrawImageRectI
GdipReleaseDC
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteFont
GdipDeleteFontFamily
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipAlloc
GdipFree
GdipCreateFontFamilyFromName
GdipCreateFont
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetTextRenderingHint
GdipDrawImageRectRectI
GdipDrawString

psapi

EmptyWorkingSet

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

netapi32

Netbios

snmpapi

SnmpUtilOidCpy
SnmpUtilOidNCmp
SnmpUtilVarBindFree

ws2_32

WSAStartup

Sections

.text
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 728KB - Virtual size: 727KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

656e4782cc18931342281e8311ff00f5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

gdiplus

psapi

iphlpapi

netapi32

snmpapi

ws2_32

Sections

.text Size: 281KB - Virtual size: 281KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 728KB - Virtual size: 727KB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 281KB - Virtual size: 281KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 728KB - Virtual size: 727KB

.reloc
Size: 43KB - Virtual size: 43KB