windows_000001CB29210000[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

windows_000001CB29210000.bin
Size

1.7MB
MD5

a5de8adad43328a27d9c4ed5fb1542e4
SHA1

02b3f9f321c5fe7dfa71b446a9d94cf79976e6a3
SHA256

d8271d0d955e12ab7e4cb1845fb899ced613908d65482f78c674dc80b2182253
SHA512

41d47d4b5bcc8d68a40bda1dccee0f520de62400757ccb605d1221d6cf8d15fb5c00441a44cc89834fd491ce4ae84ca35431f889255f7c30676b2df7a1c61a38
SSDEEP

24576:mgXHNsuEzyU8Veu+HhK0P+Zsp4nVytClz:DC1zyU7u+BK0PMZVkKz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
windows_000001CB29210000.bin

Files

windows_000001CB29210000.bin
.dll windows:4 windows x64 arch:x64

876f0fca0f118ba4b5991d8661378811

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

SystemFunction036

bcrypt

BCryptGenRandom

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RaiseException
RtlAddFunctionTable
RtlUnwindEx
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
AcquireSRWLockExclusive
AcquireSRWLockShared
CloseHandle
CompareStringOrdinal
CreateFileMappingA
CreateFileW
CreateNamedPipeW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
CreateWaitableTimerExW
DeleteProcThreadAttributeList
DuplicateHandle
ExitProcess
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryW
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
InitializeProcThreadAttributeList
LoadLibraryW
MapViewOfFile
Module32FirstW
Module32NextW
MultiByteToWideChar
ReadFileEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetFileInformationByHandle
SetLastError
SetThreadStackGuarantee
SetWaitableTimer
Sleep
SleepEx
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
UpdateProcThreadAttribute
WaitForSingleObject
WriteConsoleW
WriteFileEx

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
free
fwrite
realloc
signal
strlen
strncmp
vfprintf

ntdll

NtWriteFile
RtlNtStatusToDosError
memcmp
memcpy
memmove
memset

Exports

Exports

DLLWMain
DllMain

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

876f0fca0f118ba4b5991d8661378811

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

kernel32

msvcrt

ntdll

Exports

Exports

Sections

.text Size: 304KB - Virtual size: 304KB

.data Size: 4KB - Virtual size: 4KB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.pdata Size: 8KB - Virtual size: 8KB

.xdata Size: 16KB - Virtual size: 16KB

.bss Size: 4KB - Virtual size: 4KB

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 8KB

.CRT Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 304KB - Virtual size: 304KB

.data
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.pdata
Size: 8KB - Virtual size: 8KB

.xdata
Size: 16KB - Virtual size: 16KB

.bss
Size: 4KB - Virtual size: 4KB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB