d0d55a8f4965a4d3f661b3ea268f578b[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

d0d55a8f4965a4d3f661b3ea268f578b.bin
Size

804KB
MD5

574c650155d0c5b845f57f6fa528b4af
SHA1

2a80d5457e3411512bb3abad81f835ff824fa435
SHA256

cafb6062c8c5931fc771a953a9d4f64c32d1a0e61ac88c6283d4181904d210da
SHA512

798f0797fbe61b6437a237cd0bf1c66b8ad78eb3ba32737c273c557f55042d7f07c329729a498cf423157a2a4847be43499bbf2cfd123d9945d6221da0c15354
SSDEEP

12288:7rpXYrAvWZRjTPSbAbs7Kg5EwK72jH++L/zdnEyLyGKDY+rjpfF4o3OpK4thQ2E:7lXXvwRX7bOq2jHpzpEyLGLtfYKyjE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/21f77e85724543222e6cd3089fc7c741373b4b4362d25b103490c7ce84d20cda.exe

Files

d0d55a8f4965a4d3f661b3ea268f578b.bin
.zip

Password: infected
21f77e85724543222e6cd3089fc7c741373b4b4362d25b103490c7ce84d20cda.exe
.exe windows:6 windows x64 arch:x64

Password: infected

30c7d68b242fb27be994b0b3521d918b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb

Imports

rpcrt4

NdrClientCall3
NdrServerCall2
RpcStringBindingComposeW
RpcServerUnregisterIf
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
I_RpcBindingInqLocalClientPID
RpcStringFreeW
RpcBindingFromStringBindingW
NdrServerCallAll

shell32

SHGetFolderPathW

ntdll

NtSystemDebugControl
VerSetConditionMask
RtlPcToFileHeader
RtlCaptureContext
NtClose
NtOpenKey
NtQueryKey
RtlNtStatusToDosError
NtDeleteKey
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlUnwind

kernel32

GetProcessHeap
HeapFree
SetLastError
GetModuleHandleExW
GetCurrentThreadId
Sleep
LocalFree
SetFilePointerEx
UnlockFileEx
LockFileEx
GetFileSizeEx
ReadFile
CompareStringW
GetCurrentThread
WriteFile
InitializeCriticalSectionEx
FlushFileBuffers
GetFileInformationByHandle
GetFullPathNameW
OutputDebugStringA
FileTimeToSystemTime
GetCurrentProcessId
TlsAlloc
TlsGetValue
TlsSetValue
FreeLibrary
GetSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
ExpandEnvironmentStringsW
GetFileAttributesW
LoadLibraryExW
GetWindowsDirectoryW
GetSystemDirectoryW
HeapAlloc
VirtualProtect
HeapReAlloc
GlobalMemoryStatusEx
GetExitCodeThread
TlsFree
MoveFileExW
FindClose
CreateDirectoryW
FindFirstFileExW
FindNextFileW
QueryDosDeviceW
GetEnvironmentVariableW
ReleaseSRWLockExclusive
SetFileInformationByHandle
GetDiskFreeSpaceExW
K32GetMappedFileNameW
FindFirstVolumeW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
VirtualQuery
GetSystemTimes
GetTickCount64
RaiseException
SleepConditionVariableSRW
GetCommandLineA
GetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
InitializeCriticalSectionAndSpinCount
InterlockedPushEntrySList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
SetConsoleCtrlHandler
SetDllDirectoryW
WaitForSingleObject
GetProcessId
GetNamedPipeServerProcessId
GetFileTime
MultiByteToWideChar
ContinueDebugEvent
DebugActiveProcessStop
GetFileAttributesExW
GetSystemTimeAsFileTime
ReadProcessMemory
OpenThread
DebugBreakProcess
SetEvent
WaitForDebugEvent
DebugSetProcessKillOnExit
DebugActiveProcess
WideCharToMultiByte
VirtualQueryEx
GetThreadContext
K32GetProcessImageFileNameW
K32GetModuleBaseNameW
K32EnumProcessModules
WaitForMultipleObjects
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeleteFileW
VerifyVersionInfoW
K32GetPerformanceInfo
DeviceIoControl
CreateFileW
GetLastError
CloseHandle
OpenProcess
GetProcAddress
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetCommandLineW
ExitProcess
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ReadConsoleW
HeapSize
WriteConsoleW
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetLocaleInfoEx
LCMapStringEx
EncodePointer
DecodePointer
WakeAllConditionVariable
WakeConditionVariable
GetCPInfo
LoadLibraryExA
GetStringTypeW
WaitForSingleObjectEx
FormatMessageA

user32

RegisterClassExW
GetClassInfoExW

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegDeleteTreeW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
StartServiceW
QueryServiceStatus
RevertToSelf
ImpersonateSelf
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
CloseServiceHandle
ControlService
ChangeServiceConfigW
CreateServiceW
DeleteService
OpenServiceW
OpenSCManagerW
StartServiceCtrlDispatcherW
ChangeServiceConfig2W
QueryServiceConfig2W
RegisterServiceCtrlHandlerExW
SetServiceStatus
SetThreadToken

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.text
Size: 709KB - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

30c7d68b242fb27be994b0b3521d918b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

shell32

ntdll

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 709KB - Virtual size: 709KB

.rdata Size: 320KB - Virtual size: 320KB

.data Size: 23KB - Virtual size: 36KB

.pdata Size: 33KB - Virtual size: 33KB

.didat Size: 512B - Virtual size: 80B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 332KB - Virtual size: 332KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 709KB - Virtual size: 709KB

.rdata
Size: 320KB - Virtual size: 320KB

.data
Size: 23KB - Virtual size: 36KB

.pdata
Size: 33KB - Virtual size: 33KB

.didat
Size: 512B - Virtual size: 80B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 332KB - Virtual size: 332KB

.reloc
Size: 5KB - Virtual size: 5KB