file[.]bin | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

file.bin
Size

505KB
MD5

765ec885a7ebfe703b6eda0d5adf0093
SHA1

ea1adf0e8afa18acbff48d5a13bc6d305183182f
SHA256

b82d24fe86378e237041a5a62fe679d43e949e7a1b5471fbf61b0cfa9c465db1
SHA512

61073e0d8acec8af618cc0e54a46a6200ba4e77ebcafc30c95d71582cd80d59bd3573de127b3d605d0c2a7d4d81c9146f7bf9b785e203cb337650e3c4fc40d52
SSDEEP

12288:3XGotV1YHJC0xTeZfrpFUXIPtxMSQ5tLlB3NLf3qxQqtVgxaelI:nGYfpFUXIDQ5//cFtV/elI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file.bin

Files

file.bin
.dll regsvr32 windows:6 windows x86 arch:x86

880cea822b95f442aeb0c42f8c49c900

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapReAlloc
GetProcessHeap
SleepEx
CreateMutexA
Sleep
ExitProcess
ExitThread
GetLastError
CreateProcessW
GetCurrentProcess
IsWow64Process
GetTickCount
GetModuleHandleW
GetProcAddress
HeapSize
CloseHandle
Beep
OutputDebugStringW
IsBadReadPtr
OutputDebugStringA
SetFilePointerEx
GetFileSizeEx
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
HeapFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteFile
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
CreateFileW

user32

wsprintfW

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

ntdll

RtlUnwind

Exports

Exports

CPlApplet
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.flat
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 409KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

880cea822b95f442aeb0c42f8c49c900

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ntdll

Exports

Exports

Sections

.flat Size: 512B - Virtual size: 147B

.text Size: 409KB - Virtual size: 409KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 11KB - Virtual size: 31KB

.reloc Size: 16KB - Virtual size: 16KB

.flat
Size: 512B - Virtual size: 147B

.text
Size: 409KB - Virtual size: 409KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 11KB - Virtual size: 31KB

.reloc
Size: 16KB - Virtual size: 16KB