b94c03266ea57e9997b489d4b5b61459[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

b94c03266ea57e9997b489d4b5b61459.bin
Size

33KB
MD5

f9405bbd829c659b9a2d1c8170d6680b
SHA1

07bda8c5b07713e8f4957dad93503511e7a76c6c
SHA256

af49f62bca9a9af59da74482a03eddd39ac0a9338a3b3c71b8f1277aa7610ff2
SHA512

ca0cd62b858dd895b7af60bfea56dfb52247d9046500a095593d87c447b9b62f73b3c88666b84d239e4ec2b72f6c4d3194c89716a3150076a1eeb3beb277ec26
SSDEEP

768:EHpltMHwd1K2/otmnTExY6gQGjUhA1AX9uzejt/OJxAVn:yyH8b/CcTXtm9Sejt/O4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5d00ef57c815417ced2041c1c887f9a1405e9ff792cf399e08fa3f7a2b977c80.exe

Files

b94c03266ea57e9997b489d4b5b61459.bin
.zip

Password: infected
5d00ef57c815417ced2041c1c887f9a1405e9ff792cf399e08fa3f7a2b977c80.exe
.dll regsvr32 windows:4 windows x64 arch:x64

Password: infected

bb88df48ced037afda8413bbd8f52630

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CreateFileW
CreateMutexW
CreatePipe
CreateProcessW
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
GetCommandLineW
GetComputerNameExW
GetComputerNameW
GetCurrentDirectoryW
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemInfo
GetTickCount
GetVolumeInformationW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
PeekNamedPipe
ReadFile
SetCurrentDirectoryW
SetFilePointer
SetHandleInformation
SetLastError
Sleep
TerminateProcess
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_initterm
_lock
_unlock
_wcsnicmp
abort
calloc
fputwc
free
fwprintf
fwrite
localeconv
malloc
memcpy
memset
realloc
strcat
strcpy
strerror
strlen
strncmp
vfprintf
wcscat
wcscmp
wcscpy
wcslen

shell32

SHGetFolderPathW

ws2_32

WSACleanup
WSAStartup
gethostbyname
gethostname
inet_ntoa

Exports

Exports

DllGetClassObject
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer
Start

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

bb88df48ced037afda8413bbd8f52630

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

ws2_32

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 55KB

.data Size: 1024B - Virtual size: 544B

.rdata Size: 5KB - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 1KB

.xdata Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 3KB

.edata Size: 512B - Virtual size: 184B

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 100B

.text
Size: 55KB - Virtual size: 55KB

.data
Size: 1024B - Virtual size: 544B

.rdata
Size: 5KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 184B

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 100B