Static task
static1
Behavioral task
behavioral1
Sample
2b38e1ec34f12aa2a0fb89aba74f4872d13b8e007d7f8edc7041488251387334.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
2b38e1ec34f12aa2a0fb89aba74f4872d13b8e007d7f8edc7041488251387334.exe
Resource
win10v2004-20240802-en
General
-
Target
a3befac6861a78952b95754e3e536f20.bin
-
Size
11.4MB
-
MD5
f5d55fadd3c3fcca4d7b6bc33f3d224a
-
SHA1
9b3b826cf330d2750dcb36b703b2bef8e9b1c516
-
SHA256
c8ba5507a943d3bcdaa870bcff732c5260c2ac6cbfb292bdba72fffe6a873653
-
SHA512
1b383ba432d7a2776b336028c0a309d26553e48b53ea75bff3563169e0bd9dc4fa5e700285f94b04fe897264a909d61d34456ef8cf0b46770026b3e49334c96c
-
SSDEEP
196608:iuIKX/Z/ojC8Hlnzx9mCIIaJsKC8Ug+nntQZvjmO+qate19fnJkdna4CL6cP8:yKiu8HlnzSCSf8gSQgqatg9PGdnNq6cE
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/2b38e1ec34f12aa2a0fb89aba74f4872d13b8e007d7f8edc7041488251387334.exe
Files
-
a3befac6861a78952b95754e3e536f20.bin.zip
Password: infected
-
2b38e1ec34f12aa2a0fb89aba74f4872d13b8e007d7f8edc7041488251387334.exe.exe windows:5 windows x64 arch:x64
Password: infected
afb6ea320891d2caec78cddcacb7d00b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
shlwapi
StrChrW
PathRemoveFileSpecW
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
uxtheme
IsThemeActive
SetWindowTheme
GetThemeBool
IsAppThemed
GetThemeBackgroundRegion
ord47
CloseThemeData
GetThemeTransitionDuration
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemePropertyOrigin
GetThemeMargins
OpenThemeData
GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
dwmapi
DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
DwmGetWindowAttribute
oleaut32
SysAllocString
SafeArrayCreateVector
SafeArrayPutElement
SysFreeString
imm32
ImmGetDefaultIMEWnd
ImmReleaseContext
ImmGetContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
gdi32
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits
SelectClipRgn
GetRegionData
DeleteObject
SelectObject
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
advapi32
RegSetValueExW
RegCloseKey
RegOpenKeyExW
OpenProcessToken
AccessCheck
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
GetLengthSid
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
RegQueryValueExW
SystemFunction036
GetSidSubAuthority
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
kernel32
lstrcatW
SetLastError
WaitForSingleObject
CreateEventW
TerminateProcess
LocalFree
lstrcmpW
GetModuleHandleW
FormatMessageW
WTSGetActiveConsoleSessionId
ExpandEnvironmentStringsW
CreateProcessW
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoW
LoadLibraryA
GlobalSize
GetUserDefaultLangID
GetFileSize
ReadFile
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
CloseHandle
VirtualAlloc
GetSystemDirectoryA
AcquireSRWLockShared
ReleaseSRWLockShared
lstrlenW
CreateFileW
FindResourceW
GetUserDefaultUILanguage
ExitProcess
lstrcmpiW
LoadLibraryW
GetProcAddress
GetModuleFileNameW
WriteProcessMemory
VirtualProtect
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetProcessHeap
HeapWalk
SizeofResource
LockResource
LoadResource
FindResourceExW
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LCMapStringEx
DecodePointer
GetProcessHeaps
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetLocaleInfoEx
FormatMessageA
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetExitCodeProcess
GetUserGeoID
GetGeoInfoW
GetTimeZoneInformation
GetModuleHandleExW
FreeLibrary
FindNextFileW
FindFirstFileExW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
MultiByteToWideChar
CompareStringW
RegisterWaitForSingleObject
UnregisterWaitEx
SetFilePointerEx
SetEndOfFile
GetFileType
FlushFileBuffers
GetFileInformationByHandleEx
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
MoveFileExW
MoveFileW
CopyFileW
DeviceIoControl
SetErrorMode
GetVolumePathNamesForVolumeNameW
GetTempPathW
SetFileTime
RemoveDirectoryW
GetLogicalDrives
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
GetStartupInfoW
GetTickCount64
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileAttributesExW
GetUserPreferredUILanguages
GetUserDefaultLCID
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
ResetEvent
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
SwitchToThread
WaitForMultipleObjects
Sleep
DuplicateHandle
GetSystemDirectoryW
WaitForSingleObjectEx
SetEvent
IsProcessorFeaturePresent
OutputDebugStringW
GetLocalTime
GetSystemTime
GetCommandLineW
CompareStringEx
GetConsoleWindow
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
GetLastError
EncodePointer
SetUnhandledExceptionFilter
VirtualFree
GetStdHandle
GetEnvironmentVariableW
GetACP
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
RtlUnwindEx
VirtualQuery
LCIDToLocaleName
AreFileApisANSI
PeekNamedPipe
LoadLibraryExW
InitializeCriticalSection
ReleaseMutex
CreateMutexW
MapViewOfFileEx
ole32
StringFromGUID2
CoCreateGuid
CoGetMalloc
ReleaseStgMedium
CoTaskMemFree
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoUninitialize
CoInitializeEx
CoCreateInstance
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
CoInitialize
OleSetClipboard
OleGetClipboard
shell32
SHGetKnownFolderPath
Shell_NotifyIconGetRect
SHGetKnownFolderIDList
SHGetPathFromIDListW
CommandLineToArgvW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
SHGetFileInfoW
SHGetStockIconInfo
ord727
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteW
user32
CharNextExA
RegisterDeviceNotificationW
UnhookWindowsHookEx
UnregisterDeviceNotification
MsgWaitForMultipleObjects
GetProcessWindowStation
GetUserObjectInformationW
SetWindowsHookExW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
TranslateMessage
DrawIconEx
GetWindowThreadProcessId
ChangeWindowMessageFilterEx
RealGetWindowClassW
EnumWindows
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
EnumDisplayDevicesW
RegisterClassW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
TrackPopupMenuEx
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
MessageBoxW
GetSystemMetrics
SystemParametersInfoW
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC
GetSysColor
GetDesktopWindow
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
SendMessageW
PostMessageW
AttachThreadInput
CreateWindowExW
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetMenu
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
SetParent
CallNextHookEx
GetWindow
DestroyCursor
DestroyIcon
MonitorFromPoint
GetAncestor
GetKeyboardLayoutList
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
UnregisterClassW
GetClassInfoW
RegisterClassExW
GetFocus
GetCursorPos
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
winmm
timeGetDevCaps
timeSetEvent
timeEndPeriod
timeBeginPeriod
timeKillEvent
PlaySoundW
timeGetTime
ntdll
isspace
isdigit
strchr
isxdigit
log
floor
bsearch
atoi
ceil
sqrt
memchr
longjmp
strtol
qsort
strncpy
strrchr
RtlAllocateHeap
RtlFreeHeap
memcpy
memset
strlen
memcmp
strncmp
strcmp
_setjmp
wcsrchr
memmove
pow
toupper
strstr
__chkstk
atan
cos
sin
tan
wcsncmp
ws2_32
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
recv
connect
socket
bind
InetNtopW
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
getservbyname
htonl
getsockopt
getsockname
select
getpeername
ioctlsocket
closesocket
__WSAFDIsSet
WSAGetLastError
ntohs
send
setsockopt
freeaddrinfo
getaddrinfo
WSAStringToAddressW
WSAIoctl
WSAStartup
WSAAsyncSelect
WSACleanup
WSASetLastError
shutdown
htons
crypt32
CertFindCertificateInStore
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertGetCertificateContextProperty
msvcrt
_clearfp
_sys_nerr
_sys_errlist
_strtoui64
_wcstoui64
_isatty
mbtowc
wcspbrk
__doserrno
_msize
_commode
?_set_new_mode@@YAHH@Z
___lc_handle_func
_fmode
_ismbblead
__getmainargs
__set_app_type
_XcptFilter
fsetpos
_hypot
fgetpos
?terminate@@YAXXZ
_wgetenv
_localtime64
_tzname
_timezone
__argv
__argc
_acmdln
iswctype
_iob
_unlock
_lock
wcstol
signal
raise
_wfopen
strspn
_setmode
setvbuf
strtoul
_wcsicmp
_time64
tolower
___mb_cur_max_func
strcspn
islower
_wcsdup
___lc_codepage_func
isupper
__pctype_func
_initterm
_callnewh
_write
_read
fgets
_getdrive
_open_osfhandle
_close
_fileno
feof
_get_osfhandle
_wchmod
_waccess
asin
_lseeki64
_endthreadex
_beginthreadex
_tzset
_mktime64
fputs
acosf
acos
sinf
floorf
_gmtime64
ferror
abort
strerror
_errno
log10
atan2
rand
exp
calloc
ftell
fseek
fread
fopen
fclose
getenv
realloc
fflush
_wsplitpath
malloc
free
_local_unwind
__DestructExceptionObject
_amsg_exit
wcsstr
__C_specific_handler
_CxxThrowException
__CxxFrameHandler
_wfullpath
bcrypt
BCryptGenRandom
userenv
GetUserProfileDirectoryW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
netapi32
NetApiBufferFree
NetShareEnum
Sections
.text Size: 18.2MB - Virtual size: 18.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4.9MB - Virtual size: 4.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 113KB - Virtual size: 17.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 550KB - Virtual size: 550KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qtmetad Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qtmimed Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 85KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ