78fe69d76c49c7986c3855d83fb28b9f[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

78fe69d76c49c7986c3855d83fb28b9f.bin
Size

159KB
MD5

d538f2cfbad0c592ebf9f755baa9f10c
SHA1

379f4de92ba62f9562c22243eb7fed0a4da26991
SHA256

ca972c1b13dc54e4fbcd7e55b6af584419687bdc90fb9f960aac4e34c5af4ee2
SHA512

7af2e6d544d8627f0bbd2b5e7f24b7ec59f1239d09426547d90cd3c849eb9397c6cecdf9a5bacbda48bfe3b840aa1001a30a49489623c94bd0c4e4636fa9083d
SSDEEP

3072:WhZU9xqTGHpoytakdlDul/ISlGHRlwAT+X6k7GKpmcInp25RYiHnjrcd5BvtNOpI:CU9M2P2tq/T+X6k7GQ4p25RYiHjQd5Bd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c9c96372d6af9f74bf83c5e6dca2a80038e41d69048b9d650f7595b8d2ddeb35.exe

Files

78fe69d76c49c7986c3855d83fb28b9f.bin
.zip

Password: infected
c9c96372d6af9f74bf83c5e6dca2a80038e41d69048b9d650f7595b8d2ddeb35.exe
.exe windows:4 windows x64 arch:x64

Password: infected

7d588e49563c36138557b0ea42412615

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
FreeSid
GetSecurityInfo
GetUserNameW
OpenProcessToken
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
SetEntriesInAclA
SetSecurityInfo
SystemFunction036

iphlpapi

ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToNameW
GetAdaptersAddresses

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AssignProcessToJobObject
CancelIo
CancelIoEx
CancelSynchronousIo
CloseHandle
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectW
CreateNamedPipeA
CreateNamedPipeW
CreateProcessW
CreateSemaphoreA
CreateSymbolicLinkW
CreateToolhelp32Snapshot
DebugBreak
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FreeEnvironmentStringsW
GetConsoleCursorInfo
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleTitleW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetNamedPipeHandleStateA
GetNativeSystemInfo
GetNumberOfConsoleInputEvents
GetPriorityClass
GetProcAddress
GetProcessIoCounters
GetProcessTimes
GetQueuedCompletionStatus
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetTickCount64
GetVersionExW
GlobalMemoryStatusEx
InitializeConditionVariable
InitializeCriticalSection
InitializeSRWLock
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LocalFree
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OpenProcess
PeekNamedPipe
PostQueuedCompletionStatus
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserWorkItem
ReOpenFile
ReadConsoleInputW
ReadConsoleW
ReadDirectoryChangesW
ReadFile
RegisterWaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileCompletionNotificationModes
SetFilePointerEx
SetFileTime
SetHandleInformation
SetInformationJobObject
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWait
UnregisterWaitEx
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleInputW
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

__dllonexit
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_close
_errno
_fmode
_ftime64
_get_osfhandle
_initterm
_localtime64
_lock
_lseeki64
_onexit
_open_osfhandle
_read
_snwprintf
_strnicmp
_time64
_unlock
_vsnprintf
_wchmod
_wcsnicmp
_write
_wrmdir
abort
atof
atoi
calloc
exit
fclose
feof
fgets
fopen
fprintf
fputc
free
fwrite
getenv
isspace
malloc
memcmp
memcpy
memmove
memset
printf
putchar
puts
qsort
rand
realloc
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strftime
strlen
strncat
strncmp
strncpy
strtol
tolower
vfprintf
wcschr
wcscpy
wcslen
wcsncmp
wcsncpy
wcspbrk
wcsrchr
wcstombs
_wcsrev
_wcsdup
_umask
_close

psapi

GetProcessMemoryInfo

user32

DispatchMessageA
GetMessageA
GetSystemMetrics
MapVirtualKeyW
TranslateMessage

userenv

GetUserProfileDirectoryW

ws2_32

FreeAddrInfoW
GetAddrInfoW
WSADuplicateSocketW
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSASocketW
WSAStartup
bind
closesocket
connect
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
select
setsockopt
shutdown
socket

Sections

.text
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

7d588e49563c36138557b0ea42412615

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

iphlpapi

kernel32

msvcrt

psapi

user32

userenv

ws2_32

Sections

.text Size: 294KB - Virtual size: 294KB

.data Size: 1024B - Virtual size: 776B

.rdata Size: 25KB - Virtual size: 24KB

.pdata Size: 10KB - Virtual size: 9KB

.xdata Size: 10KB - Virtual size: 9KB

.bss Size: - Virtual size: 2.5MB

.idata Size: 11KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 104B

.text
Size: 294KB - Virtual size: 294KB

.data
Size: 1024B - Virtual size: 776B

.rdata
Size: 25KB - Virtual size: 24KB

.pdata
Size: 10KB - Virtual size: 9KB

.xdata
Size: 10KB - Virtual size: 9KB

.bss
Size: - Virtual size: 2.5MB

.idata
Size: 11KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B