4852c0ff7e02f8841e3a6af146d69556[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

4852c0ff7e02f8841e3a6af146d69556.bin
Size

23.4MB
MD5

3f507bc7c3fc8407fb35b9d5d02a543f
SHA1

38e4d1fb96814fff051534a43dadc66c2523ee7c
SHA256

c1ff1a077fa0f0b2920e73f49e53b6aeee3b13a48f860b6f4218e23a2c8368b5
SHA512

74753bf8cba883a2cd099c688411d1787d91e16276bc9e5e6fc97b7faec7a5fe175b82725372a88b2919f87b2112832dd81a46a645f8fdf9e70b5f30998cce4f
SSDEEP

393216:sxS2ONYyWQNj30H38Hh01uCdv9dZ+JfiE/I/gQNgwjUgJM/uEA3Ca3O:mON/WQd0X8HhjCFIp/IR2w4gJ3U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d24b622ee7dc6ec0e89d9d561ce161a4336322b4d22614284810116434e66c1c.exe

Files

4852c0ff7e02f8841e3a6af146d69556.bin
.zip

Password: infected
d24b622ee7dc6ec0e89d9d561ce161a4336322b4d22614284810116434e66c1c.exe
.exe windows:6 windows x86 arch:x86

Password: infected

18072d0a06d56d26a632ac3e54657938

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WS\tv_prel_dcr\build_cmake_win\HOST\Release\TeamViewer.pdb

Imports

kernel32

GetModuleFileNameW
DeleteCriticalSection
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
DecodePointer
HeapDestroy
GetProcessHeap
WaitForMultipleObjects
WaitForSingleObject
PostQueuedCompletionStatus
FormatMessageW
SetEvent
TerminateThread
CloseHandle
QueueUserAPC
LocalFree
WideCharToMultiByte
FormatMessageA
CreateEventA
UnregisterWaitEx
RegisterWaitForSingleObject
UnregisterWait
ResetEvent
SetLastError
GetCurrentThreadId
RaiseException
GetUserDefaultLCID
GetStringTypeExW
LCMapStringW
LoadLibraryA
FreeLibrary
GetTickCount
GetCurrentProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCommandLineW
ExpandEnvironmentStringsW
SetErrorMode
SetProcessShutdownParameters
CreateMutexW
ReleaseMutex
GetCurrentProcessId
ReleaseSemaphore
WaitForSingleObjectEx
GlobalSize
GlobalUnlock
GlobalLock
CreateDirectoryW
GetTempPathW
GetTempFileNameW
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetQueuedCompletionStatus
SetWaitableTimer
SleepEx
CreateEventW
CreateIoCompletionPort
CreateWaitableTimerW
GetStringTypeExA
LCMapStringA
CreateFileW
InitializeCriticalSection
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
DuplicateHandle
CreateSemaphoreA
GetModuleHandleW
CreateThread
GetCurrentThread
CompareStringW
CompareFileTime
SizeofResource
LockResource
LoadResource
FindResourceW
MultiByteToWideChar
MulDiv
VerSetConditionMask
VerifyVersionInfoW
lstrlenW
GlobalAlloc
GlobalReAlloc
GetLocalTime
GetTimeFormatW
GlobalFree
FindResourceExW
CopyFileW
LoadLibraryExW
GetLocaleInfoW
GetSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
GetDateFormatW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentDirectoryW
Sleep
GetProcessTimes
SetPriorityClass
GetPriorityClass
OpenProcess
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExW
GetConsoleTitleW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
CreateSemaphoreW
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetNativeSystemInfo
FindClose
FindFirstFileW
FindNextFileW
GetFullPathNameW
GetComputerNameW
GetNumberFormatW
GetCurrencyFormatW
GetSystemDefaultLCID
OutputDebugStringW
GetTempPathA
GetTempFileNameA
GetCPInfo
LocalAlloc
LocalSize
DebugBreak
GetFileSize
SetEndOfFile
InitializeCriticalSectionEx
CreateFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
GetFileAttributesW
SetHandleInformation
SetFileCompletionNotificationModes
CancelIoEx
CancelIo
SwitchToThread
SetConsoleCtrlHandler
GetFileType
GetConsoleMode
CreateFileA
FlushFileBuffers
ReadFile
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetNamedPipeHandleStateW
CancelSynchronousIo
QueueUserWorkItem
CreateNamedPipeA
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputW
ReadConsoleW
WriteConsoleW
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
SetConsoleTextAttribute
WriteConsoleInputW
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetDiskFreeSpaceW
GetFileInformationByHandle
GetFileSizeEx
RemoveDirectoryW
SetFilePointerEx
SetFileTime
DeviceIoControl
ReOpenFile
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetLongPathNameW
GetShortPathNameW
ReadDirectoryChangesW
GetStdHandle
GetStartupInfoW
VirtualAlloc
VirtualProtect
VirtualFree
GetModuleHandleExW
GetACP
LoadLibraryW
ReadConsoleA
GetExitCodeThread
GetSystemPowerStatus
lstrcmpiW
GetProcessId
ProcessIdToSessionId
OpenEventW
SetThreadPriority
GetOverlappedResult
K32EnumProcessModules
K32GetModuleFileNameExW
GetSystemFirmwareTable
OpenMutexW
CreateFileMappingA
OpenFileMappingA
MapViewOfFileEx
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemDefaultLangID
GetGeoInfoW
lstrcmpW
OutputDebugStringA
GetUserDefaultUILanguage
LCIDToLocaleName
GetUserGeoID
GetLocaleInfoEx
QueryFullProcessImageNameW
CreatePipe
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteFileW
AreFileApisANSI
HeapCreate
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
GetVersionExA
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
GetDriveTypeW
GetLogicalDriveStringsW
GetVolumeInformationW
SetFileAttributesW
IsDebuggerPresent
OpenEventA
OpenThread
GetComputerNameExA
GetComputerNameExW
SetUnhandledExceptionFilter
GetSystemDirectoryW
GetSystemDefaultUILanguage
MoveFileW
LocalFileTimeToFileTime
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetDiskFreeSpaceExW
WTSGetActiveConsoleSessionId
IsWow64Process
K32GetModuleBaseNameW
K32EnumProcesses
GetSystemTimes
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetLogicalProcessorInformationEx
GetEnvironmentVariableA
GetDynamicTimeZoneInformation
GetTickCount64
GetThreadTimes
SetSearchPathMode
SetDllDirectoryW
HeapSetInformation
SetProcessDEPPolicy
GetOEMCP
GetLastError
LeaveCriticalSection
EnterCriticalSection
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
SetFilePointer
LoadLibraryExA
VirtualQuery
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
GetStringTypeW
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
FindFirstFileExW
SetFileInformationByHandle
CreateDirectoryExW
LCMapStringEx
CompareStringEx
GetFileTime
GetWindowsDirectoryW
CopyFileExW
UnhandledExceptionFilter
WaitForMultipleObjectsEx
CreateWaitableTimerA
RtlUnwind
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetConsoleOutputCP
ExitProcess
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetCommandLineA

imm32

ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContextEx
ImmReleaseContext
ImmGetContext
ImmIsIME
ImmSetCandidateWindow

Sections

.text
Size: 43.1MB - Virtual size: 43.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 262KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.5MB - Virtual size: 9.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 889KB - Virtual size: 888KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

18072d0a06d56d26a632ac3e54657938

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

imm32

Sections

.text Size: 43.1MB - Virtual size: 43.1MB

IPPCODE Size: 262KB - Virtual size: 264KB

.rdata Size: 9.5MB - Virtual size: 9.5MB

.data Size: 4.7MB - Virtual size: 7.7MB

.didat Size: 4KB - Virtual size: 4KB

.rodata Size: 2KB - Virtual size: 4KB

.rsrc Size: 889KB - Virtual size: 888KB

.text
Size: 43.1MB - Virtual size: 43.1MB

IPPCODE
Size: 262KB - Virtual size: 264KB

.rdata
Size: 9.5MB - Virtual size: 9.5MB

.data
Size: 4.7MB - Virtual size: 7.7MB

.didat
Size: 4KB - Virtual size: 4KB

.rodata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 889KB - Virtual size: 888KB