35e11c13023ab1ac61074ad93aabaa91[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

35e11c13023ab1ac61074ad93aabaa91.bin
Size

1.1MB
MD5

72d84db6b7531a94185e5e259b0a6837
SHA1

65d1dfba894353b38abe598bf02466ea6d3772f4
SHA256

7497c0285b039186bc89de1611daa0d0b99ce9bcac89992c00231733dfa7439d
SHA512

9cb9b0f7818f988e5db9846ed2b5af9728dd78deff6f142f37d704a6b5f690973d88cc3575b80079a8dc8742f444ef5c6521da7a7729887d396ad5eac1d96596
SSDEEP

24576:ZlyjUGwZlBuAxZ4hY7OMrpnT1OT5uyVB5+6aGBPRyVAZs:Zlyj8ZlBuAr4hY7OMr1o1FxB8Vb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3c911df5b86df9712bf5f14ff49c3beadb62cbde886609139c437bf0a919fc49.dll

Files

35e11c13023ab1ac61074ad93aabaa91.bin
.zip

Password: infected
3c911df5b86df9712bf5f14ff49c3beadb62cbde886609139c437bf0a919fc49.dll
.dll windows:6 windows x86 arch:x86

Password: infected

7b5d177b063b76d3393869008338136a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msdia140.pdb

Imports

kernel32

SetLastError
FindResourceExW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
LoadLibraryExW
GetProcAddress
LocalAlloc
LocalFree
GetModuleFileNameW
GetLastError
GetSystemInfo
InitializeCriticalSection
DeleteCriticalSection
LCMapStringW
UnmapViewOfFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
GetFileSizeEx
RaiseException
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
GetFullPathNameW
GetFullPathNameA
SetStdHandle
GetFileType
SetFilePointerEx
ReadFile
GetConsoleMode
ReadConsoleW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetStdHandle
GetStringTypeW
GetDriveTypeW
WriteFile
CompareStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetCurrentDirectoryW
HeapSize
HeapReAlloc
WriteConsoleW
SetEndOfFile
DecodePointer
GetFileAttributesW
SetFileAttributesW
VirtualAlloc
VirtualFree
DeleteFileW
DeviceIoControl
ExpandEnvironmentStringsW
MapViewOfFileEx

Exports

Exports

AlphaBlend
AlphaBlend
TransparentBlt
TransparentBlt
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 996KB - Virtual size: 995KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

7b5d177b063b76d3393869008338136a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 9KB - Virtual size: 16KB

.idata Size: 3KB - Virtual size: 4KB

.rsrc Size: 996KB - Virtual size: 995KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 9KB - Virtual size: 16KB

.idata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 996KB - Virtual size: 995KB