d5dfac778c6191cfc76e4212c2757618[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

d5dfac778c6191cfc76e4212c2757618.bin
Size

45KB
MD5

f4e4b049400e10d817fad2823e981aa8
SHA1

b7daeb858f93fcb4c1aabd75c5418209e2d61548
SHA256

f964a6e0753aa435aa0751c87820e331ad1fb15ac0a5c304e64418df7f25f647
SHA512

42021c7f6fbe71341a811e8c6fa364dfd07dc9c2307b1574f03f3f015e0738c1f810b82c163edeaf0c2ba0fd02e0f934808a0e471ee3a6c972d43693906ab7c7
SSDEEP

768:a6VnZLuOmEHJrFaFgu9g54gn2yYjZECqO9SqAJkacrcHOgOhT9hQ/HD+pYD9sly0:XVZLuOmCrE3UGlq4SGacrcHVOhT9K+2q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d5baf9595f8e095b6372a57182cd03d72beffc3e082a8196bc68ee6dde596e41.exe

Files

d5dfac778c6191cfc76e4212c2757618.bin
.zip

Password: infected
d5baf9595f8e095b6372a57182cd03d72beffc3e082a8196bc68ee6dde596e41.exe
.exe windows:5 windows x86 arch:x86

Password: infected

a25963f62b16bf426dcd489d51179deb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\dev\vircs_muluwu\release\cssrs.pdb

Imports

advapi32

RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW

shell32

SHFileOperationW
ShellExecuteW
SHGetFolderPathW

shlwapi

StrCatW
StrCpyW
StrCmpW
PathFileExistsW

user32

CreateWindowExW
RegisterDeviceNotificationW
DispatchMessageW
PostQuitMessage
LoadIconW
RegisterClassExW
LoadAcceleratorsW
TranslateMessage
wsprintfW
BeginPaint
LoadCursorW
GetMessageW
TranslateAcceleratorW
EndPaint
SendMessageW
DefWindowProcW

kernel32

FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapSize
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
RtlUnwind
HeapReAlloc
VirtualAlloc
GetModuleFileNameW
GetFileSize
GetDriveTypeW
CreateProcessW
OpenProcess
CopyFileW
CreateFileW
lstrlenW
GetLastError
CloseHandle
SetFileAttributesW
CreateMutexW
WaitForSingleObject
Sleep
ReleaseMutex
FindFirstFileW
CreateDirectoryW
FindNextFileW
GetStartupInfoW
ExitThread
ResumeThread
CreateThread
SetUnhandledExceptionFilter
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cleaned
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qpamyrr
Size: 4KB - Virtual size: 72KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a25963f62b16bf426dcd489d51179deb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

psapi

shell32

shlwapi

user32

kernel32

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 14KB

.cleaned Size: 57KB - Virtual size: 57KB

.rsrc Size: 127KB - Virtual size: 128KB

qpamyrr Size: 4KB - Virtual size: 72KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 14KB

.cleaned
Size: 57KB - Virtual size: 57KB

.rsrc
Size: 127KB - Virtual size: 128KB

qpamyrr
Size: 4KB - Virtual size: 72KB