1175e1164d21dc61f5d8813587cbdc5a[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

1175e1164d21dc61f5d8813587cbdc5a.bin
Size

11.6MB
MD5

6a2fd28677a31e62f9f364115abc19ea
SHA1

f9d7d0decf7efb013174296bf96dceebea374c82
SHA256

1ebc4629ef6d7bc8f7e10c3042e531e7c0a7ed0ad32388483dddda8a4eb1e843
SHA512

ca6249e10bfc64eef095213f607b6f3944306bd5b25ce290af0b44568bbb74c57e1c8882ada3800cddabcd804a7e6f045ecfefcb21c3bfad6b70b1b63da662f7
SSDEEP

196608:JHWfl3nmy2LwZEkglOP1E3qKkgWZnc9zzB9LDmfqxDLnadI/AawxR9z+Jba41o5I:JHWfl3n8wZRuOP1E3vkgk09fmyxPadI3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/855c12d8558e7a009516c0b609d8e63b16edc276830d79a70c69872bf66b1974.exe

Files

1175e1164d21dc61f5d8813587cbdc5a.bin
.zip

Password: infected
855c12d8558e7a009516c0b609d8e63b16edc276830d79a70c69872bf66b1974.exe
.dll regsvr32 windows:6 windows x64 arch:x64

Password: infected

0fe102e3161cd5db9221235bd0aa370f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\Projects\uninstall-tool\Ready\x64\UTShellExt.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
GetCurrentThreadId
CreateProcessW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
LoadLibraryW
FormatMessageW
lstrlenW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
WriteFile
LoadResource
LockResource
SizeofResource
FindResourceW
GetUserDefaultUILanguage
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
HeapFree
FreeLibrary
OutputDebugStringA
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
GetStringTypeW
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetStdHandle
GetFileType
ExitProcess
GetStdHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
HeapSize
SetEndOfFile
HeapAlloc
SetLastError
CloseHandle
OutputDebugStringW
DebugBreak
IsDebuggerPresent
GetProcessHeap
ReadFile
CreateFileW
GetCommandLineW
WriteConsoleW
GetLastError
RtlUnwind

user32

GetSystemMetrics
SetLayeredWindowAttributes
ShowWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
CharLowerBuffW
SetRect
DrawIconEx
LoadImageW
DestroyIcon
GetMessageW
GetIconInfo
InsertMenuItemW
MessageBoxW
GetActiveWindow
InsertMenuW
GetMenuItemCount
PostMessageW

uxtheme

BeginBufferedPaint
GetBufferedPaintBits
EndBufferedPaint

gdi32

SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateDIBSection
CreateCompatibleDC

advapi32

RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHChangeNotify
DragQueryFileW

ole32

StringFromGUID2
ReleaseStgMedium

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

0fe102e3161cd5db9221235bd0aa370f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

uxtheme

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 335KB - Virtual size: 335KB

.rdata Size: 109KB - Virtual size: 108KB

.data Size: 7KB - Virtual size: 12KB

.pdata Size: 18KB - Virtual size: 18KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 335KB - Virtual size: 335KB

.rdata
Size: 109KB - Virtual size: 108KB

.data
Size: 7KB - Virtual size: 12KB

.pdata
Size: 18KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 3KB - Virtual size: 2KB