4f3dd39a74f0bfa3ca8bfe33f6ac396f[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

4f3dd39a74f0bfa3ca8bfe33f6ac396f.bin
Size

426KB
MD5

f945ad58bf9b482a83d985fa1b8dd125
SHA1

2193d09f9f39887a3e26be1d8ec1d597a748acc2
SHA256

be0fbd3f99f5dfe887d4c337cc50455a89df4b78fc23559667fea002cae64158
SHA512

bae2c7296fdc2521071c21a127adfb1913a268ef3d2c0de59746ab281860035151ae056e256216f76b1f681fbe779b903a99b1942bd610683a4e047573cc861d
SSDEEP

12288:IamBRzUtyx8XfSWcog4fy2D/PaHTAdvX5OasxkvPp9Nu:La+tysSWcD4fBD60dvX5OaHx9Nu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dbfd6c69423e517932f611242d5c6a287d7dd8512e947283eded1b0e0223e461.exe

Files

4f3dd39a74f0bfa3ca8bfe33f6ac396f.bin
.zip

Password: infected
dbfd6c69423e517932f611242d5c6a287d7dd8512e947283eded1b0e0223e461.exe
.exe windows:6 windows x64 arch:x64

Password: infected

89e2acc21ebe787f36f740483f90eb35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

kernel32

SetConsoleTitleA
SetConsoleTextAttribute
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
CreateToolhelp32Snapshot
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileSizeEx
CreateFileA
WaitForMultipleObjects
PeekNamedPipe
Process32First
Process32Next
UnhandledExceptionFilter
GlobalAlloc
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
GlobalUnlock
GlobalLock
GlobalFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetStdHandle
CreateFileW
CloseHandle
DeviceIoControl
Sleep
CreateThread
VirtualAlloc
VirtualFree
GetModuleFileNameA
GetModuleHandleA
VirtualProtect
AllocConsole
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW
QueryFullProcessImageNameW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
VerSetConditionMask
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
VerifyVersionInfoA
ReadFile
GetTickCount
MoveFileExA
GetProcAddress
lstrcmpiA
MultiByteToWideChar
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
WideCharToMultiByte

user32

DefWindowProcA
PostQuitMessage
RegisterClassA
CreateWindowExA
PeekMessageA
DestroyWindow
ShowWindow
DispatchMessageA
TranslateMessage
MoveWindow
SetWindowPos
SetWindowDisplayAffinity
GetAsyncKeyState
LoadCursorA
mouse_event
ScreenToClient
GetSystemMetrics
UpdateWindow
GetForegroundWindow
GetWindowRect
GetWindowLongA
SetWindowLongA
FindWindowA
ClientToScreen
GetWindow
GetCursorPos
SetCursor
UnregisterClassA
SetCursorPos
GetClientRect
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetActiveWindow
EmptyClipboard
GetClipboardData
OpenClipboard
CloseClipboard
SetClipboardData
MessageBoxA

gdi32

GetStockObject

shell32

ShellExecuteA

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msvcp140

?_Random_device@std@@YAIXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

d3d9

Direct3DCreate9Ex

urlmon

URLDownloadToFileA

normaliz

IdnToAscii

wldap32

ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord301
ord200
ord30
ord79
ord35
ord22
ord33
ord32
ord27
ord26
ord143

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertOpenStore
CertFreeCertificateChainEngine
CertCloseStore
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension

ws2_32

WSAStartup
WSAIoctl
ntohl
WSASetLastError
socket
accept
htonl
listen
setsockopt
ntohs
htons
getsockopt
getsockname
sendto
recvfrom
getpeername
freeaddrinfo
connect
getaddrinfo
select
bind
WSAGetLastError
send
recv
closesocket
WSACleanup
gethostname
ioctlsocket
__WSAFDIsSet

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140

__current_exception
__C_specific_handler
strrchr
strchr
memcmp
_CxxThrowException
__current_exception_context
__std_exception_destroy
__std_exception_copy
memset
memmove
memcpy
memchr
strstr
__std_terminate

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strncpy
tolower
strpbrk
_strdup
strcmp
strcspn
strspn
strlen
isprint
isupper
strncmp

api-ms-win-crt-stdio-l1-1-0

_popen
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
_open
_close
_write
__acrt_iob_func
_wfopen
fclose
fflush
_read
ftell
__p__commode
_set_fmode
fseek
fread
__stdio_common_vsprintf_s
_lseeki64
__stdio_common_vsnprintf_s
fgets
_pclose
feof
fputs
fopen
fputc
fwrite

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
malloc
_callnewh
realloc
free

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-math-l1-1-0

atan2
ceilf
tanf
sinf
floorf
__setusermatherr
_dclass
fmodf
sqrt
powf
pow
atan2f
asin
sqrtf
fabs
cosf

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
__p___argv
__p___argc
_exit
_initterm_e
_initterm
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
_getpid
_beginthreadex
_invalid_parameter_noinfo_noreturn
exit
_resetstkoflw
_invalid_parameter_noinfo
__sys_nerr
strerror
system
_errno
_get_initial_narrow_environment

api-ms-win-crt-convert-l1-1-0

strtol
strtoll
atof
strtoull
strtod
strtoul
atoi

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_unlink
_access
_fstat64
_stat64

advapi32

CopySid
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
SetSecurityInfo
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
OpenProcessToken
ConvertSidToStringSidA
CryptAcquireContextA

Sections

.text
Size: 674KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

89e2acc21ebe787f36f740483f90eb35

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

gdi32

shell32

imm32

msvcp140

d3d9

urlmon

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

advapi32

Sections

.text Size: 674KB - Virtual size: 673KB

.rdata Size: 138KB - Virtual size: 138KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 26KB - Virtual size: 26KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 674KB - Virtual size: 673KB

.rdata
Size: 138KB - Virtual size: 138KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 2KB - Virtual size: 1KB