54e8a016fbd796a86237198c8fe1ec39[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

54e8a016fbd796a86237198c8fe1ec39.bin
Size

266KB
MD5

54e8a016fbd796a86237198c8fe1ec39
SHA1

7efcaac5b79a0c6316beab09a37747698468edb4
SHA256

6ab2bbad5e89c55f673bc686e75b478a0040c4f2fcf4e820e35fa791a29375e4
SHA512

9e01c9347a955fdd8d130519e1616b533292487ee52b3e2e125570d24f66e92a6194b0770f10d6bba4d58a5e334503d5297f1722767811f5406e46ad73b671e7
SSDEEP

6144:slp5UBzl0QTjR7YQsMd7vdRarGSGpTvR9/oSvhdaOGVe:upajRUzuvdRFSGpbNv7aDVe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54e8a016fbd796a86237198c8fe1ec39.bin

Files

54e8a016fbd796a86237198c8fe1ec39.bin
.exe windows:4 windows x86 arch:x86

5da97a7e756180bb8413c70c1242ba97

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

advapi32

QueryServiceStatus
QueryServiceLockStatusW
CloseServiceHandle
FreeInheritedFromArray
GetNamedSecurityInfoW
RegEnumKeyExW
RegRestoreKeyW
AddAce
LookupPrivilegeValueA
SetSecurityDescriptorDacl
RegOpenKeyExW
RegCloseKey
RegGetKeySecurity
SetSecurityInfo
RegDeleteKeyW
UnlockServiceDatabase
FreeSid
OpenServiceW
RegDeleteValueW
LockServiceDatabase
StartServiceA
IsValidAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
AdjustTokenPrivileges
EqualSid
SetNamedSecurityInfoW
AllocateAndInitializeSid
GetAce
QueryServiceConfigW
SetEntriesInAclW
ControlService
DeleteService
ChangeServiceConfigW
EnumDependentServicesW
OpenSCManagerW
GetInheritanceSourceW
GetSecurityInfo
GetSecurityDescriptorControl
RegSetValueExW
LookupPrivilegeDisplayNameA
SetEntriesInAclA
CreateServiceW
InitializeAcl
OpenProcessToken
GetAclInformation
RegQueryValueExW
RegSaveKeyW
RegCreateKeyExW
LookupAccountSidW
GetTokenInformation
ChangeServiceConfig2W
LookupPrivilegeNameA
RegEnumValueW

shell32

SHGetFolderPathW

kernel32

GetCurrentProcessId
RtlUnwind
InitializeCriticalSection
FreeLibrary
SetEnvironmentVariableA
HeapFree
CompareStringA
VirtualAlloc
SetStdHandle
WriteConsoleA
SetFilePointer
VirtualFree
HeapSize
GetSystemTimeAsFileTime
MultiByteToWideChar
QueryPerformanceCounter
HeapCreate
IsDebuggerPresent
HeapReAlloc
ReadFile
LCMapStringA
GetStringTypeW
SetUnhandledExceptionFilter
GetDateFormatA
GetOEMCP
GetCurrentProcess
GetTickCount
CompareStringW
EnumResourceTypesA
GetACP
LeaveCriticalSection
LCMapStringW
CreateNamedPipeA
EnterCriticalSection
RaiseException
TerminateProcess
GetTimeFormatA
SetEndOfFile
GetCPInfo
HeapDestroy
IsValidCodePage
GetLocaleInfoA
WriteFile
LoadLibraryA
GetTimeZoneInformation
UnhandledExceptionFilter
GetConsoleOutputCP
GetStringTypeA

oleacc

LresultFromObject
AccessibleObjectFromPoint

newdev

UpdateDriverForPlugAndPlayDevicesW

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5da97a7e756180bb8413c70c1242ba97

Headers

File Characteristics

Imports

mprapi

advapi32

shell32

kernel32

oleacc

newdev

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 3KB - Virtual size: 147KB

.data Size: 197KB - Virtual size: 196KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 3KB - Virtual size: 147KB

.data
Size: 197KB - Virtual size: 196KB

.rsrc
Size: 512B - Virtual size: 4KB