7b660a371793eb4f15149b75b25e1a1a[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

7b660a371793eb4f15149b75b25e1a1a.bin
Size

3.5MB
MD5

614c02bfd94e56d692ad6b40482eaf30
SHA1

a123ad3541e5497b6244707ea6ecaf70c4c7af65
SHA256

63db732d716612fad1bae3ae8fb27481cedf613a723d04cb847c691c05432fb2
SHA512

2200892ba34aca039a08b595c98eb1a4072b703c6e9f6202fe37e880a31688c684d64bde0f8c16205f6923bf489d4a086c89a175d6a799effa351d2d738388e0
SSDEEP

98304:gH1v1iIMMXyK3s8gJ2FiK9U6ux+RlyEbs0m:gR1TCEsdsF3UL+vyP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ca047b493fea0277a4603a5d6f730b27cf617d8ec03cb1aab9236058d6e7e673.exe

Files

7b660a371793eb4f15149b75b25e1a1a.bin
.zip

Password: infected
ca047b493fea0277a4603a5d6f730b27cf617d8ec03cb1aab9236058d6e7e673.exe
.exe windows:6 windows x64 arch:x64

Password: infected

6f3e3551c7aaf5099b2fa152a73502d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TryAcquireSRWLockExclusive
FindClose
HeapFree
CloseHandle
GetLastError
Sleep
GlobalLock
GlobalSize
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
SetFileAttributesW
GetConsoleWindow
MoveFileExW
IsDebuggerPresent
OpenProcess
GetCommandLineW
GetVersionExW
GetComputerNameExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
GetProcessHeap
HeapReAlloc
RemoveDirectoryW
DeleteFileW
GetStdHandle
GetConsoleMode
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetTickCount64
GetLogicalDrives
GlobalFree
GlobalUnlock
lstrlenW
LoadLibraryA
GetProcAddress
CreateFileW
GetModuleFileNameW
SetFileInformationByHandle
SwitchToThread
SetLastError
GetFinalPathNameByHandleW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
WakeAllConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
GetSystemInfo
GetFileInformationByHandle
SetHandleInformation
GetModuleHandleA
GetCurrentThread
WaitForSingleObject
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentProcess
GetEnvironmentVariableW
GetTempPathW
GetFileInformationByHandleEx
GetFullPathNameW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
CreateMutexA
WaitForSingleObjectEx
ReleaseMutex
RtlVirtualUnwind
AcquireSRWLockShared
ReleaseSRWLockShared
CopyFileExW
GetFileType
GetDiskFreeSpaceExW
LocalFree
ReadProcessMemory
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
VirtualQueryEx
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GlobalMemoryStatusEx
PostQueuedCompletionStatus
LoadLibraryExA
FreeLibrary
GetDiskFreeSpaceA
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

ntdll

NtCancelIoFileEx
NtCreateFile
RtlNtStatusToDosError
NtWriteFile
NtQuerySystemInformation
RtlGetVersion
NtDeviceIoControlFile
NtQueryInformationProcess
NtReadFile

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CryptUnprotectData
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertOpenStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain

advapi32

RegQueryValueExW
RegSetValueExW
LookupAccountSidW
GetLengthSid
IsValidSid
GetTokenInformation
OpenProcessToken
SystemFunction036
CopySid
RegCloseKey
RegOpenKeyExW

user32

EmptyClipboard
SetClipboardData
ShowWindow
CloseClipboard
OpenClipboard
EnumDisplayMonitors
EnumDisplaySettingsExW
GetDpiForSystem
GetClipboardData
GetMonitorInfoW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA
GetModuleFileNameExW
GetPerformanceInfo

gdi32

GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
CreateDCW
StretchBlt
CreateCompatibleDC
GetDIBits
GetObjectW
DeleteObject
DeleteDC

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoTaskMemFree
CoInitializeSecurity

iphlpapi

GetAdaptersAddresses
GetIfTable2
FreeMibTable
GetIfEntry2

netapi32

NetUserGetLocalGroups
NetUserEnum
NetUserGetInfo
NetApiBufferFree

secur32

InitializeSecurityContextW
FreeCredentialsHandle
LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer
QueryContextAttributesW
DecryptMessage
FreeContextBuffer
AcquireCredentialsHandleA
DeleteSecurityContext
EncryptMessage
ApplyControlToken
AcceptSecurityContext

shell32

SHGetKnownFolderPath
CommandLineToArgvW

ws2_32

WSAGetLastError
getpeername
getsockname
freeaddrinfo
WSAStartup
WSACleanup
send
WSAIoctl
bind
setsockopt
recv
shutdown
closesocket
WSASocketW
ioctlsocket
connect
getaddrinfo
getsockopt
WSASend

bcrypt

BCryptGenRandom

oleaut32

SysStringLen
GetErrorInfo
SysAllocString
SysFreeString
VariantClear

pdh

PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCloseQuery
PdhRemoveCounter
PdhOpenQueryA
PdhCollectQueryData

powrprof

CallNtPowerInformation

vcruntime140

memcmp
__CxxFrameHandler3
memset
memcpy
memmove
__current_exception_context
strrchr
__C_specific_handler
__current_exception

api-ms-win-crt-string-l1-1-0

wcslen
strcmp
strcspn
strncmp
strspn
strlen

api-ms-win-crt-math-l1-1-0

round
_dclass
log
fabs
roundf
__setusermatherr

api-ms-win-crt-heap-l1-1-0

_msize
malloc
realloc
free
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_endthreadex
_initialize_narrow_environment
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_beginthreadex
_initterm
_seh_filter_exe
_register_thread_local_exe_atexit_callback
terminate
_set_app_type
_initterm_e
_c_exit
_cexit
__p___argv
__p___argc
exit
_exit
_get_initial_narrow_environment

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

6f3e3551c7aaf5099b2fa152a73502d1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

crypt32

advapi32

user32

psapi

gdi32

ole32

iphlpapi

netapi32

secur32

shell32

ws2_32

bcrypt

oleaut32

pdh

powrprof

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 25KB - Virtual size: 27KB

.pdata Size: 79KB - Virtual size: 79KB

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 25KB - Virtual size: 27KB

.pdata
Size: 79KB - Virtual size: 79KB

.reloc
Size: 34KB - Virtual size: 33KB