Static task
static1
Behavioral task
behavioral1
Sample
8c1770ba77c1e12024980ea73fa38340cc03c50cb2a1df2e23f8480b1d707f52.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
8c1770ba77c1e12024980ea73fa38340cc03c50cb2a1df2e23f8480b1d707f52.exe
Resource
win10v2004-20240802-en
General
-
Target
4ec46541806980b7e9430bde011c9dd0.bin
-
Size
10.5MB
-
MD5
80239b5c339127e0d9bb01e97f10c100
-
SHA1
c61c35d9794ea78f61cff3c3f9495e9da8e5b912
-
SHA256
b9b5beca4ce0e123c2e10de68e5cf558657776c23ac91feb980bd35a422d91b9
-
SHA512
1c2ec66bd1b5dd04627ef0cfb80f480d0f9d703c4f3ff4d1e6c7b1c9d6b1beef98f2f1c0061ae7fcf98bc26d8bb3c7aae73a9a95fa8bd7c4095bb55955cb8a78
-
SSDEEP
196608:GAV3kBMezOQIFzTUjTM4wEf3GGRm42af3arDkCFFYELSJ9zAE73b330nG:GA2OIdiyf3GGMaf0DkCFFYELU9zAE73t
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE that carries no Authenticode signature; the rule matched the unpacked resource listed below.
resource unpack001/8c1770ba77c1e12024980ea73fa38340cc03c50cb2a1df2e23f8480b1d707f52.exe
Files
-
4ec46541806980b7e9430bde011c9dd0.bin.zip
Password: infected
-
8c1770ba77c1e12024980ea73fa38340cc03c50cb2a1df2e23f8480b1d707f52.exe.exe windows:5 windows x64 arch:x64
Password: infected
86477d96c92b189114dcebf2997e567b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
shlwapi
PathRemoveFileSpecW
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
uxtheme
GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
IsThemeActive
IsAppThemed
OpenThemeData
GetCurrentThemeName
dwmapi
DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute
DwmEnableBlurBehindWindow
oleaut32
SysAllocString
SafeArrayCreateVector
SafeArrayPutElement
SysFreeString
imm32
ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd
gdi32
GetDIBits
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetTextFaceW
GetTextMetricsW
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
OpenProcessToken
AccessCheck
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
GetLengthSid
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
kernel32
ReleaseMutex
InitializeCriticalSection
CreateMutexW
VirtualAlloc
VirtualFree
GetProcessHeap
ExitProcess
GetUserDefaultUILanguage
CreateFileW
CloseHandle
SetUnhandledExceptionFilter
GetLastError
GetProcessHeaps
HeapWalk
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
VirtualProtect
WriteProcessMemory
GetModuleFileNameW
GetProcAddress
LoadLibraryW
lstrcmpiW
lstrcatW
WaitForSingleObject
CreateEventW
TerminateProcess
GetFileInformationByHandle
LocalFree
lstrcmpW
GetModuleHandleW
FormatMessageW
WTSGetActiveConsoleSessionId
ExpandEnvironmentStringsW
CreateProcessW
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalUnlock
GlobalLock
GetLocaleInfoW
LoadLibraryA
GlobalSize
GetUserDefaultLangID
ReadFile
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
LoadLibraryExW
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
GetStartupInfoW
GetTickCount64
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileAttributesExW
GetUserPreferredUILanguages
GetUserDefaultLCID
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
LCIDToLocaleName
VirtualQuery
RtlUnwindEx
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
RaiseException
ResetEvent
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
WaitForMultipleObjects
Sleep
DuplicateHandle
GetSystemDirectoryW
WaitForSingleObjectEx
SetEvent
IsProcessorFeaturePresent
OutputDebugStringW
GetLocalTime
GetSystemTime
GetCommandLineW
CompareStringEx
GetConsoleWindow
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
GetFullPathNameW
GetLogicalDrives
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
FlushFileBuffers
GetFileType
SetEndOfFile
SetFilePointerEx
UnregisterWaitEx
RegisterWaitForSingleObject
CompareStringW
MultiByteToWideChar
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLocaleInfoEx
IsDebuggerPresent
FindNextChangeNotification
FindFirstFileExW
InitializeSListHead
GetSystemTimeAsFileTime
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FindNextFileW
FreeLibrary
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
GetExitCodeProcess
ole32
CoGetMalloc
ReleaseStgMedium
CoTaskMemFree
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
CoCreateGuid
CoInitialize
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoCreateInstance
StringFromGUID2
OleSetClipboard
CoInitializeEx
CoUninitialize
shell32
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
SHGetKnownFolderPath
SHGetKnownFolderIDList
Shell_NotifyIconW
Shell_NotifyIconGetRect
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
user32
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
RegisterClassW
EnumDisplayDevicesW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
SetCursorPos
GetWindowTextW
EnumWindows
RealGetWindowClassW
ChangeWindowMessageFilterEx
GetCursor
UnregisterDeviceNotification
RegisterDeviceNotificationW
TrackPopupMenuEx
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
CharNextExA
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
DestroyCursor
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
TranslateMessage
DrawIconEx
MessageBoxW
GetSystemMetrics
SystemParametersInfoW
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC
GetSysColor
GetDesktopWindow
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
SendMessageW
PostMessageW
AttachThreadInput
CreateWindowExW
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetMenu
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
SetParent
GetWindowThreadProcessId
GetWindow
CloseTouchInputHandle
winmm
PlaySoundW
timeSetEvent
timeKillEvent
ntdll
isxdigit
isspace
isdigit
strchr
log
floor
bsearch
atoi
ceil
sqrt
_setjmp
memchr
longjmp
strtol
qsort
strncpy
pow
wcsncmp
tan
sin
cos
atan
__chkstk
strstr
toupper
memmove
wcsrchr
strcmp
strncmp
memcmp
strlen
memset
memcpy
RtlFreeHeap
RtlAllocateHeap
strrchr
msvcrt
_fmode
___lc_handle_func
?_set_new_mode@@YAHH@Z
_commode
_msize
mbtowc
_isatty
_strtoui64
_clearfp
_XcptFilter
fsetpos
_hypot
fgetpos
?terminate@@YAXXZ
islower
_wcsdup
_wgetenv
_localtime64
_tzname
_timezone
___lc_codepage_func
isupper
__pctype_func
_initterm
_callnewh
_write
_read
fgets
_open_osfhandle
_close
feof
_get_osfhandle
_wchmod
_waccess
asin
_lseeki64
_endthreadex
_beginthreadex
_tzset
_mktime64
acosf
acos
sinf
floorf
abort
strerror
_errno
log10
atan2
rand
exp
calloc
ftell
fseek
fread
fopen
fclose
getenv
realloc
fflush
malloc
free
_wsplitpath
_local_unwind
__DestructExceptionObject
_amsg_exit
__C_specific_handler
_CxxThrowException
__CxxFrameHandler
_ismbblead
__getmainargs
__argv
__argc
_acmdln
___mb_cur_max_func
_iob
_unlock
_lock
tolower
__set_app_type
_fileno
userenv
GetUserProfileDirectoryW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
netapi32
NetApiBufferFree
NetShareEnum
ws2_32
WSAAsyncSelect
Sections
.text Size: 17.7MB - Virtual size: 17.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 84KB - Virtual size: 17.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 441KB - Virtual size: 440KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qtmetad Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qtmimed Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ