a1c84c14a82f2cbb7e9a5f253d721159[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

a1c84c14a82f2cbb7e9a5f253d721159.bin
Size

155KB
MD5

584e140a453ec20cdc657ef10fd60b5b
SHA1

39b0f0c03c7d5eae321801c8b30286d4f3ca2337
SHA256

d9f81c486a008fc61e6880d12c389bd3fb2e730faa072bf66f9c269659766bf3
SHA512

bfaca724784f2364dbe7837744861578a4b6d98b1312f3522cf10d7b73c8ebdf838ab926686df13dad64f3fe467280e37e114e8d387c1be2702100ce53f90984
SSDEEP

3072:9M4oiWGYVAaMCbKH0dGa2S+8uDsxVYSZtlEseoSsYxk3VGNQ:9MoWVnnd92SYsPYhP0YxNq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/53e65d071870f127bc6bf6c8e8ddfd131558153513976744ee7460eeb766d081.exe

Files

a1c84c14a82f2cbb7e9a5f253d721159.bin
.zip

Password: infected
53e65d071870f127bc6bf6c8e8ddfd131558153513976744ee7460eeb766d081.exe
.dll windows:4 windows x64 arch:x64

Password: infected

12a655c0dc6057266cd8d7f72e465acd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RaiseException
RtlPcToFileHeader
HeapReAlloc
FlsSetValue
GetCommandLineA
HeapSize
ExitProcess
FlsGetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
RtlVirtualUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCurrentProcess
FlushFileBuffers
SetFilePointer
GetOEMCP
GetCPInfo
GetLocaleInfoA
GlobalFlags
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetThreadLocale
GlobalGetAtomNameA
lstrcmpA
GetCurrentProcessId
SetErrorMode
GetCurrentThreadId
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FreeLibrary
GetModuleFileNameW
GetProcAddress
FormatMessageA
LocalFree
SetLastError
GetTickCount
GetProcessHeap
HeapAlloc
CompareStringA
GetVersion
GetModuleHandleA
lstrcpynW
lstrcpynA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateMutexA
GetLastError
lstrlenA
lstrcpyA
WideCharToMultiByte
CreateProcessA
WaitForSingleObject
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleFileNameA
CreateFileA
WriteFile
CloseHandle
SetHandleCount
GetVersionExA

user32

GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CopyRect
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
EnableMenuItem
GetWindowTextA
GetDlgItem
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
GetWindowLongA
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
SendMessageA
GetKeyState
PeekMessageA
PostQuitMessage
DestroyMenu
ValidateRect
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
InsertMenuA
LoadBitmapA
SetMenuItemBitmaps
IsWindow
PostMessageA
wsprintfA
EnumWindows
GetPropA
GetForegroundWindow
RemovePropA
SetPropA
GetClassLongPtrA
GetClassNameA
LoadCursorA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
CheckMenuItem
GetClassLongA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
DeleteDC
GetStockObject
SetMapMode
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
ScaleWindowExtEx
GetDeviceCaps

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

QueryServiceConfigA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

DragQueryFileA

shlwapi

PathFindFileNameA
PathAddBackslashA
PathFindExtensionA
PathRemoveFileSpecA
StrStrIA

ole32

ReleaseStgMedium
StringFromIID
CoGetMalloc

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
homq
DllUnregisterServer

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

*H^
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

12a655c0dc6057266cd8d7f72e465acd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 157KB - Virtual size: 156KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 10KB - Virtual size: 33KB

.pdata Size: 12KB - Virtual size: 12KB

.rsrc Size: 61KB - Virtual size: 61KB

.reloc Size: 4KB - Virtual size: 4KB

*H^ Size: 60KB - Virtual size: 60KB

.text
Size: 157KB - Virtual size: 156KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 10KB - Virtual size: 33KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 61KB - Virtual size: 61KB

.reloc
Size: 4KB - Virtual size: 4KB

*H^
Size: 60KB - Virtual size: 60KB