9b095f392566382d7ba446e373d307a5[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

9b095f392566382d7ba446e373d307a5.bin
Size

1.1MB
MD5

9e124d15c9f7c091215531b9743d43ac
SHA1

2af8e9c514f9c28ae0df337242904155b2959c75
SHA256

b4057f1f7d60da858d3e52ca0f16be06088a12c9c17575cb2a621eaebaaef3c4
SHA512

72e732b1d50fcae216bb8cfa0d807f695ef28ec39476669da791beed3d84cd0ae7e81a91845ab66fa1218850a1d62a2b5d93a544fe59a3b63ff02dc1b040b166
SSDEEP

24576:ZewN3oca+vQmphHOA7ZmMh6VHvwuYg35R6lhQ8+QjCzKeIoEk3H025MT4lqG/KE:ZTRocaMph19hOvlv35R6jz+ymHDMEoGv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b227c000b3b89dc66492bde86278996c9881f62bdf715e0a203cfaf1eda1cc9e.dll

Files

9b095f392566382d7ba446e373d307a5.bin
.zip

Password: infected
b227c000b3b89dc66492bde86278996c9881f62bdf715e0a203cfaf1eda1cc9e.dll
.dll regsvr32 windows:6 windows x86 arch:x86

Password: infected

f331f8e2e4acbb7e263c2b775a40e1cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
SetThreadPriority
Sleep
GetFileSizeEx
SetStdHandle
HeapSize
GetStringTypeW
GetConsoleOutputCP
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
OutputDebugStringW
GetModuleHandleExW
RaiseException
LoadLibraryExW
FreeLibrary
InitializeCriticalSectionAndSpinCount
EncodePointer
InterlockedFlushSList
RtlUnwind
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DecodePointer
TlsSetValue
TlsGetValue
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
GetCurrentProcess
WriteFile
GetProcAddress
LoadLibraryA
SetHandleInformation
SetFileCompletionNotificationModes
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WakeConditionVariable
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
FreeEnvironmentStringsW
AcquireSRWLockShared
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
RtlCaptureContext
ReleaseMutex
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
ReleaseSRWLockShared
GetSystemTimeAsFileTime
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
SetFilePointerEx
GetFullPathNameW
GetStdHandle
TerminateProcess
WakeAllConditionVariable
QueryPerformanceFrequency
HeapFree
TlsFree
HeapReAlloc
WaitForSingleObjectEx
CreateMutexA
GetModuleHandleA
GetProcessHeap
HeapAlloc
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFinalPathNameByHandleW
InitOnceComplete
TlsAlloc
GetConsoleMode
GetFileType
InitOnceBeginInitialize
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread

winhttp

WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryDataAvailable

ws2_32

getsockopt
WSAIoctl
WSASend
send
WSAGetLastError
setsockopt
WSAStartup
WSACleanup
freeaddrinfo
recv
shutdown
closesocket
ioctlsocket
connect
bind
WSASocketW
getsockname
getpeername
getaddrinfo

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SystemFunction036

secur32

FreeContextBuffer
ApplyControlToken
DecryptMessage
DeleteSecurityContext
InitializeSecurityContextW
AcceptSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
QueryContextAttributesW
EncryptMessage

crypt32

CertAddCertificateContextToStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateChain
CertDuplicateCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy

ntdll

NtCreateFile
NtReadFile
NtWriteFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx

bcrypt

BCryptGenRandom

Exports

Exports

DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 498KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 794KB - Virtual size: 793KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f331f8e2e4acbb7e263c2b775a40e1cf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winhttp

ws2_32

advapi32

secur32

crypt32

ntdll

bcrypt

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 498KB - Virtual size: 498KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 794KB - Virtual size: 793KB

.reloc Size: 49KB - Virtual size: 48KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 498KB - Virtual size: 498KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 794KB - Virtual size: 793KB

.reloc
Size: 49KB - Virtual size: 48KB