9d51a5943e208abd91ffbd53b45fae82[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

9d51a5943e208abd91ffbd53b45fae82.bin
Size

17.5MB
MD5

884bbb902d22be0883fdb8c745e51f3d
SHA1

91a77dc0b244c6cb4bbf076800e04e5b9a4deea3
SHA256

53c6033a8dc5024698d526d571b279ce47956f65c2872aeb8dedef1099623d01
SHA512

ea1083ae60c1d0b1d6af35ddd67be1a5c44b5fd3c4dc9e845848f5965277ad251efb164146f0c1f69dc2e0a49e71ff78a1a9eec696bd48684291e5874518da70
SSDEEP

393216:onwVqtWC5DgEjjrNt3kQ2fj0RDs8rxgwIpRscFv31DvFNJ:Mg09P72QRQMxy/N/ll

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f3e25ef103db5d307e3fdb36d9f08246e1d4f3a8418f1f519ffbceb6dd1e8870.dll

Files

9d51a5943e208abd91ffbd53b45fae82.bin
.zip

Password: infected
f3e25ef103db5d307e3fdb36d9f08246e1d4f3a8418f1f519ffbceb6dd1e8870.dll
.dll windows:6 windows x86 arch:x86

Password: infected

63f4289001bc0f631f0b6c3785787e0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winspool.drv

DocumentPropertiesW

comdlg32

ChooseColorW

comctl32

ImageList_GetImageInfo

shell32

Shell_NotifyIconW

user32

MoveWindow

version

GetFileVersionInfoSizeW

oleaut32

SafeArrayPutElement

advapi32

RegSetValueExW

msvcrt

log

winhttp

WinHttpGetIEProxyConfigForCurrentUser

kernel32

GetVersion
GetVersionExW

shfolder

SHGetFolderPathW

ole32

CreateBindCtx

gdi32

Pie

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr
sehcrycawxvh

Sections

.text
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 32KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 135B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aqvsfxy
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.aqvsfxy
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aqvsfxy
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 635KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

63f4289001bc0f631f0b6c3785787e0b

Headers

DLL Characteristics

File Characteristics

Imports

winspool.drv

comdlg32

comctl32

shell32

user32

version

oleaut32

advapi32

msvcrt

winhttp

kernel32

shfolder

ole32

gdi32

Exports

Exports

Sections

.text Size: 7.7MB - Virtual size: 7.7MB

.itext Size: 18KB - Virtual size: 17KB

.data Size: 182KB - Virtual size: 182KB

.bss Size: - Virtual size: 32KB

.idata Size: 16KB - Virtual size: 15KB

.didata Size: 4KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 135B

.rdata Size: 512B - Virtual size: 69B

.aqvsfxy Size: 8.0MB - Virtual size: 8.0MB

.aqvsfxy Size: 512B - Virtual size: 140B

.aqvsfxy Size: 7.7MB - Virtual size: 7.7MB

.rsrc Size: 233KB - Virtual size: 232KB

.reloc Size: 635KB - Virtual size: 634KB

.text
Size: 7.7MB - Virtual size: 7.7MB

.itext
Size: 18KB - Virtual size: 17KB

.data
Size: 182KB - Virtual size: 182KB

.bss
Size: - Virtual size: 32KB

.idata
Size: 16KB - Virtual size: 15KB

.didata
Size: 4KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 135B

.rdata
Size: 512B - Virtual size: 69B

.aqvsfxy
Size: 8.0MB - Virtual size: 8.0MB

.aqvsfxy
Size: 512B - Virtual size: 140B

.aqvsfxy
Size: 7.7MB - Virtual size: 7.7MB

.rsrc
Size: 233KB - Virtual size: 232KB

.reloc
Size: 635KB - Virtual size: 634KB