673ad517249e3438f01cf90ad7bf39f0[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

673ad517249e3438f01cf90ad7bf39f0.bin
Size

1.4MB
MD5

673ad517249e3438f01cf90ad7bf39f0
SHA1

7e7c90556fc15e72a29e9d34b8fcd11b342df0ad
SHA256

a9483255bac5ddcb90b642caf5ab0cb524d80761fb811a176187e3c12fba253a
SHA512

59f9e0fd3a43b16107497c696d1a3c1bd396f01411da742b6fcfac5a75b6f212704417ea01a8a9771d8fe07b862a582442293c21a5f980f455c769d1e58746c3
SSDEEP

12288:T24KcD7NXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:bLDhsqjnhMgeiCl7G0nehbGZpbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
673ad517249e3438f01cf90ad7bf39f0.bin

Files

673ad517249e3438f01cf90ad7bf39f0.bin
.exe windows:10 windows x64 arch:x64

ed91bb4b452f4506b6f3ef85a2522acd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

TB3x.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

kernel32

GetProcessHeap
GetVersionExW
lstrcmpiW
LocalFree
HeapFree
HeapAlloc
GetCurrentThreadId
GetLocalTime
WideCharToMultiByte
CloseHandle
OutputDebugStringW
FindFirstFileW
FormatMessageW
GetProcAddress
ExpandEnvironmentStringsA
LoadLibraryExA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
Sleep
FindClose
HeapSetInformation
GetSystemDefaultLCID

gdi32

CreateFontIndirectW
GetTextExtentPoint32W

user32

GetSubMenu
AppendMenuW
DrawIcon
GetClientRect
CheckMenuItem
MessageBoxW
GetCursorPos
ScreenToClient
EnableMenuItem
GetSystemMenu
GetMenuState
GetMenu
LoadMenuW
GetSystemMetrics
EnableWindow
IsIconic
MoveWindow
SendMessageW
GetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
EnumChildWindows
LoadIconW
PeekMessageW
InsertMenuW
GetDC
ReleaseDC
PostMessageW
CopyRect
GetSysColor
GetWindowRect

mfc42u

ord1259
ord1126
ord1566
ord1562
ord1561
ord5887
ord1262
ord622
ord6581
ord4048
ord5039
ord3830
ord2408
ord1574
ord286
ord1006
ord3790
ord2427
ord3783
ord4770
ord4983
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord1479
ord2517
ord852
ord911
ord867
ord5711
ord5730
ord4368
ord5722
ord3468
ord2412
ord3916
ord659
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord2752
ord6053
ord5065
ord5724
ord1063
ord1430
ord1056
ord904
ord1019
ord4598
ord626
ord624
ord1284
ord2846
ord2975
ord1040
ord6531
ord6533
ord620
ord1122
ord1287
ord6050
ord6641
ord6707
ord6704
ord2783
ord4473
ord6880
ord370
ord1483
ord5804
ord6821
ord5815
ord6832
ord568
ord1381
ord1463
ord1647
ord525
ord984
ord3820
ord2449
ord2903
ord1650
ord6691
ord2595
ord4544
ord2329
ord1677
ord2676
ord4612
ord665
ord5699
ord2140
ord2457
ord5683
ord1736
ord3177
ord6614
ord4131
ord4623
ord6102
ord5484
ord3933
ord6767
ord6814
ord2060
ord2670
ord4789
ord5229
ord4860
ord5195
ord5467
ord4017
ord5712
ord4694
ord6812
ord5586
ord2393
ord2399
ord5663
ord4752
ord1778
ord4365
ord4988
ord6440
ord3535
ord3761
ord337
ord5077
ord5406
ord5245
ord4721
ord5702
ord4771
ord1777
ord6437
ord5687
ord3805
ord4027
ord2592
ord4543
ord2024
ord2425
ord6801
ord1774
ord4746
ord3774
ord1441
ord848
ord2121
ord2876
ord2049
ord2459
ord6184
ord3911
ord3410
ord3419
ord3413
ord3397
ord6386
ord4429
ord4181
ord3531
ord408
ord2106
ord2902
ord3881
ord2127
ord4557
ord4436
ord2377
ord6708
ord6705
ord1606
ord3458
ord5925
ord2794
ord2898
ord2375
ord2378
ord2384
ord2381
ord2322
ord2319
ord2316
ord2315
ord2311
ord6661
ord6754
ord3178
ord6632
ord6351
ord6311
ord3758
ord1584

msvcrt

__CxxFrameHandler3
wcscmp
__argc
__wargv
isprint
_wcsicmp
memset
isdigit
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_putws
_CxxThrowException
_vsnwprintf
wcstol
memcpy
isxdigit

atl

ord30

ole32

CoUninitialize
StringFromCLSID
StringFromGUID2
CLSIDFromString
CoTaskMemFree
StringFromIID
CoInitializeEx

oleaut32

SysStringLen
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantClear
VarI4FromStr
VarBstrFromCy
VarBstrFromDate
VariantInit
VarUI4FromStr
LoadTypeLibEx
SysStringByteLen
SafeArrayCreate
SafeArrayPutElement
VarDateFromStr
VariantChangeType
QueryPathOfRegTypeLi
GetRecordInfoFromTypeInfo
SysFreeString

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ed91bb4b452f4506b6f3ef85a2522acd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

mfc42u

msvcrt

atl

ole32

oleaut32

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB