03f72b8492886c177ae0075d1f8f3165[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

03f72b8492886c177ae0075d1f8f3165.bin
Size

107KB
MD5

03f72b8492886c177ae0075d1f8f3165
SHA1

b804341c42efd0d105bcd182d213742732ecf412
SHA256

45776e2fc877897813d4e97b649b1b2d475c48f42e027e9819d11ac6fbf446b7
SHA512

c833b0f73d4bb2d8f1f322b9bc288895b64a086b948c15f0d9762e84e714ff1b1af1a6c216b31be6cd7be957d81aac8923e7a8354df41c3015b6f799f4c367b3
SSDEEP

1536:eXbbIPJGxmG8oGt8Z60YKlwhlSbIR4uQpeJw1unN5igHfz/6OG1emR:eXH0GWtIyOwnpR4BeJlNDmOcemR

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
03f72b8492886c177ae0075d1f8f3165.bin
unpack001/$PLUGINSDIR/KillProcDLL.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

03f72b8492886c177ae0075d1f8f3165.bin
.exe windows:4 windows x86 arch:x86

00383d7187101fe8163d3fcd4c2ace37

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
MapViewOfFile
OpenFileMappingA
GetCurrentProcessId
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetFullPathNameA
CreateProcessW
lstrcatW
lstrcpyW
lstrlenW
GetVersionExA
CreateFileW
GetSystemDirectoryW
ReleaseMutex
CreateMutexA
GlobalAddAtomA
CreateEventA
CreateFileMappingA
GlobalDeleteAtom
GlobalFindAtomA
CreateDirectoryW
GetWindowsDirectoryW
SetLastError
WideCharToMultiByte
FindFirstFileW
LocalFree
FormatMessageA
UnmapViewOfFile
GetModuleFileNameW
lstrcmpW
OpenProcess
Process32Next
ProcessIdToSessionId
Process32First
CreateToolhelp32Snapshot
TerminateThread
GetExitCodeThread
ExpandEnvironmentStringsW
GetShortPathNameA
SearchPathA
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
lstrcpyA
GetVersion
MulDiv

user32

GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CharLowerA
CharLowerW
FindWindowA
TranslateMessage
MsgWaitForMultipleObjects
CreatePopupMenu
AppendMenuA
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcA
LoadBitmapA
GetMessagePos
CheckDlgButton
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
SetWindowPos
IsWindowEnabled
SetClassLongA
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
GetDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
wsprintfA
ExitWindowsEx

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

ShellExecuteA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteW
SHGetSpecialFolderLocation
SHFileOperationA

advapi32

RegOpenKeyExW
RegDeleteValueW
DuplicateTokenEx
RegQueryValueExW
OpenProcessToken
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CLSIDFromProgID
StringFromCLSID
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetReadFile
DeleteUrlCacheEntry
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle

msvcrt

memcpy
memset
free
rand
srand
malloc
strstr
wcsstr
realloc
memcmp
strrchr
_except_handler3

oleaut32

VariantInit
VariantClear

shlwapi

PathAppendW

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp

Sharing

General

Malware Config

Signatures

Files

00383d7187101fe8163d3fcd4c2ace37

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

wininet

msvcrt

oleaut32

shlwapi

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 142KB

.ndata Size: - Virtual size: 84KB

.rsrc Size: 32KB - Virtual size: 31KB

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 142KB

.ndata
Size: - Virtual size: 84KB

.rsrc
Size: 32KB - Virtual size: 31KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB