995710596451478545b9113bfd75a219[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

995710596451478545b9113bfd75a219.bin
Size

463KB
MD5

08cc04229993218ddd5885d5d0290e5b
SHA1

8ea9bb85ca3fa73a6c05fd18836a9c21b46f64d9
SHA256

64cee0326d7fd3ee0741a789d2b92d0b35debd83c321855e3dcc7875ed1d1eab
SHA512

c9895184257ca951859381b7ba21c229651ac7db9ce47485fff3b9abf77870da4bf202ba30272c1d1e45da9a41949e120eae9a48b09e12f848e625a77c09157e
SSDEEP

12288:6/6LgbkoIjrCLvpPsjfNbzkoaiJXIguQM7geAQ78fV:xIkvr2vpsjVxaiJY5LEey

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/45048877f5a11bf5d867ac5a8ab503356aeeb46e30a7c9e54e1e28004c288a34.exe

Files

995710596451478545b9113bfd75a219.bin
.zip

Password: infected
45048877f5a11bf5d867ac5a8ab503356aeeb46e30a7c9e54e1e28004c288a34.exe
.exe windows:5 windows x86 arch:x86

Password: infected

20eef06114ebaa471957d6d81d3c58cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\544437\src\3\360skinview_trunk\360SkinView\Release\360SkinView.pdb

Imports

psapi

GetModuleFileNameExW

kernel32

GetCurrentThreadId
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
OpenMutexW
TerminateProcess
GetTickCount
LocalAlloc
CreateProcessW
GetModuleHandleA
FlushInstructionCache
RaiseException
GetSystemTimeAsFileTime
CreateRemoteThread
CopyFileW
lstrlenA
lstrcmpiA
GetTempPathW
FreeConsole
GlobalFree
MulDiv
InterlockedIncrement
GlobalAlloc
GetTempFileNameW
GlobalLock
GlobalUnlock
GetCommandLineW
SetErrorMode
lstrcmpW
SetCurrentDirectoryW
CloseHandle
FreeLibrary
SystemTimeToFileTime
GetLocaleInfoW
WriteConsoleW
FreeResource
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
lstrcmpiW
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
GetStringTypeW
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
lstrcmpA
TlsFree
TlsAlloc
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
GetConsoleOutputCP
InterlockedExchange
CreateEventW
GetVersionExW
GetProcAddress
HeapFree
GetProcessHeap
HeapAlloc
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WaitForSingleObject
WaitForMultipleObjects
GetVersion
GetLastError
LocalFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
Sleep
InterlockedCompareExchange
LoadLibraryW
SetEvent
InterlockedDecrement
OpenProcess
GetShortPathNameW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
ReadFile
WideCharToMultiByte
GetCurrentProcess
lstrlenW
SetLastError
ProcessIdToSessionId
LoadLibraryA
GetUserDefaultUILanguage
LoadLibraryExW
MultiByteToWideChar
ReleaseMutex
CreateMutexW
GetCurrentProcessId
DeviceIoControl
MoveFileExW
RemoveDirectoryW
GetFileAttributesW
GetConsoleCP
DeleteFileW
GetFileSize
GetModuleFileNameW
GetPrivateProfileStringW
TerminateThread
CreateThread
ResetEvent
GetOverlappedResult
ReadDirectoryChangesW
CreateFileW

user32

CreateAcceleratorTableW
ClientToScreen
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
DestroyAcceleratorTable
EnumChildWindows
GetFocus
CharNextW
GetSysColor
GetClassNameW
GetDlgItem
IsChild
EndPaint
BeginPaint
GetWindowTextW
GetWindowTextLengthW
PeekMessageW
CreateDialogParamW
GetClassInfoW
RegisterClassW
BringWindowToTop
SwitchToThisWindow
LoadImageW
DisableProcessWindowsGhosting
SendMessageTimeoutW
FindWindowW
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
IsWindowVisible
UnregisterClassA
GetWindowThreadProcessId
GetSystemMetrics
LoadStringW
PostMessageW
IsWindow
PostQuitMessage
MoveWindow
KillTimer
DestroyWindow
GetWindowPlacement
ShowWindow
SetTimer
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
EnableWindow
GetParent
SendMessageW
SetWindowPos
SetFocus
IsWindowEnabled
SetRectEmpty
RegisterWindowMessageW
GetMonitorInfoW
AllowSetForegroundWindow
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
SetActiveWindow
GetKeyboardState
keybd_event
GetWindowRect
GetDesktopWindow
MonitorFromRect
InvalidateRect
UpdateWindow
MessageBoxW
GetActiveWindow
GetClientRect
GetDC
ReleaseDC
IsDialogMessageW
IsRectEmpty
CopyRect
OffsetRect
MapWindowPoints
MonitorFromWindow
GetWindow
SetWindowTextW
GetMessageW
TranslateMessage
DispatchMessageW
DrawTextW
PtInRect
GetMessagePos
ScreenToClient
UpdateLayeredWindow
SetCursor
GetWindowDC
GetClassLongW
GetCursorPos
RedrawWindow
SetClassLongW

gdi32

CreateFontW
CreateDIBSection
CreateRectRgnIndirect
CreateCompatibleDC
DeleteDC
GetTextExtentPoint32W
GetObjectA
GetTextMetricsW
SelectObject
GetObjectW
GetDeviceCaps
CreateCompatibleBitmap
GetPixel
GetStockObject
SetViewportOrgEx
BitBlt
DeleteObject
CreateSolidBrush

advapi32

RegCreateKeyA
GetSidSubAuthority
GetTokenInformation
RegUnLoadKeyW
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueExW
RegNotifyChangeKeyValue
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHParseDisplayName
SHBindToParent
SHGetDataFromIDListW
SHGetFolderPathW
ord680
ShellExecuteW

ole32

CoTaskMemRealloc
OleInitialize
CLSIDFromString
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

SysAllocString
SafeArrayGetVartype
SafeArrayCopy
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
DispCallFunc
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SysFreeString
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
SafeArrayAccessData
SafeArrayUnaccessData
VarUI4FromStr
VariantClear
VariantInit

shlwapi

ColorHLSToRGB
ColorRGBToHLS
PathCompactPathW
PathStripPathW
ord437
SHSetValueA
SHGetValueA
PathRemoveExtensionW
StrStrIA
SHSetValueW
PathAppendW
SHGetValueW
wnsprintfW
PathIsDirectoryW
PathRemoveFileSpecW
StrStrIW
PathFileExistsW
PathCombineW
StrCmpIW
PathFindFileNameW
PathFindExtensionW

comctl32

InitCommonControlsEx

gdiplus

GdipDrawImagePointRectI
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipCreateBitmapFromStream
GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawLine
GdipAddPathEllipseI
GdipSetInterpolationMode
GdipCreateBitmapFromFile
GdipRotateWorldTransform
GdipPrivateAddMemoryFont
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipDrawImageRectRectI
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipCreateFromHWND
GdipDrawString
GdipGetFontHeight
GdipFillRectangle
GdipResetClip
GdipSetClipRectI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateFontFromLogfontA
GdipSetTextRenderingHint
GdipMeasureString
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFont
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipDeleteFontFamily
GdipSetLinePresetBlend
GdipDrawLineI
GdipCreatePen2
GdipDrawRectangleI
GdipCreateLineBrushFromRect
GdipAddPathRectangleI
GdipGetPixelOffsetMode
GdipSetPenWidth
GdipDrawEllipseI
GdipSetPenDashStyle
GdipSetPenDashOffset
GdipAddPathLineI
GdipSetPixelOffsetMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipGetImageHeight
GdipGetImageWidth
GdipDrawPath
GdipDeletePen
GdipCreatePen1
GdipFillPath
GdipCreateSolidFill
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipDeletePath
GdipCreatePath
GdipFillRectangleI
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateLineBrushFromRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipClosePathFigure
GdipAddPathArcI
GdipResetPath
GdipCreateFontFromDC

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

DeleteUrlCacheEntryW
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetOpenW

userenv

GetUserProfileDirectoryW

msvfw32

MCIWndCreateW

imm32

ImmDisableIME

setupapi

SetupIterateCabinetW

Sections

.text
Size: 671KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

gWu+
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

20eef06114ebaa471957d6d81d3c58cb

Headers

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

wininet

userenv

msvfw32

imm32

setupapi

Sections

.text Size: 671KB - Virtual size: 671KB

.rdata Size: 225KB - Virtual size: 225KB

.data Size: 22KB - Virtual size: 44KB

.rsrc Size: 36KB - Virtual size: 36KB

.reloc Size: 47KB - Virtual size: 46KB

gWu+ Size: 18KB - Virtual size: 20KB

.text
Size: 671KB - Virtual size: 671KB

.rdata
Size: 225KB - Virtual size: 225KB

.data
Size: 22KB - Virtual size: 44KB

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 47KB - Virtual size: 46KB

gWu+
Size: 18KB - Virtual size: 20KB