d1fd7bf0ef1ef17007005c4d86c27d03[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

d1fd7bf0ef1ef17007005c4d86c27d03.bin
Size

1.2MB
MD5

07ca03c7f4f199678dad4c298a653705
SHA1

5d609688d05caded63480468cbfd90478131de61
SHA256

ca0879d26d6acf113f504f61164217b257b3cd658cfaa1de0c894dc392832d37
SHA512

5ff709cdbdce052085121c5ed0c537c404555e0ab853f8558c36266ffbf4505010c8b053aec0a85f7d22dd0c34889d4f4de969092c12f1f9f6efce87176f3c73
SSDEEP

24576:3TKJ+NwmKQf2yQbl/N/3Mr/gMIlNnYR2hg85w1F4nvhC0zzQjGD1y/+:jKwfKQf/XuNZ6Cw1anvhGMy/+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d9cea34db0d1dc016dd4007d8cd11416f095c41b0639f13af1eb6ad675651df2.exe

Files

d1fd7bf0ef1ef17007005c4d86c27d03.bin
.zip

Password: infected
d9cea34db0d1dc016dd4007d8cd11416f095c41b0639f13af1eb6ad675651df2.exe
.exe windows:6 windows x64 arch:x64

Password: infected

6897e09add1836442c84d70f65d04a85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetConsoleScreenBufferInfo
SetConsoleCursorInfo
GetConsoleCursorInfo
SetConsoleOutputCP
SetConsoleCtrlHandler
GetConsoleOutputCP
GetUserDefaultLCID
GetSystemDefaultLCID
GetCurrencyFormatW
SetLocaleInfoW
GetCPInfoExW
IsValidCodePage
CompareStringW
GetTimeFormatW
GetDateFormatW
GetNumaProcessorNode
SetVolumeMountPointW
FindFirstVolumeMountPointW
CopyFileExW
CopyFileW
BackupSeek
BackupRead
lstrcatW
lstrcmpW
GetTapeParameters
GetTapeStatus
PrepareTape
GetTapePosition
SetTapePosition
ConvertFiberToThread
GetProcessIoCounters
GetCurrentProcess
SetProcessAffinityMask
GetNumaHighestNodeNumber
QueryInformationJobObject
AssignProcessToJobObject
GetLogicalProcessorInformation
GetProcessPriorityBoost
SetPriorityClass
TlsSetValue
TlsGetValue
GetThreadPriorityBoost
GetCurrentThreadId
WriteConsoleW
CloseHandle
CreateFileW
GetConsoleMode
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileApisToANSI
AreFileApisANSI
UnlockFileEx
SetFilePointerEx
SetEndOfFile
QueryDosDeviceW
LockFileEx
GetLongPathNameW
GetFileSizeEx
GetModuleHandleA
GetExitCodeProcess
GetStringTypeW
GetFileType
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
FindNextFileW
FindFirstFileExW
HeapFree
HeapAlloc
GetModuleHandleExW
TerminateProcess
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
RtlPcToFileHeader
RaiseException
EncodePointer
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwindEx
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetFileInformationByHandle
GetFileAttributesExW
FindClose
DefineDosDeviceW
GetCurrentDirectoryW
SetStdHandle
GetCurrentProcessId
RtlVirtualUnwind
RtlLookupFunctionEntry
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext

gdi32

SetWindowOrgEx
GetKerningPairsW
SetBrushOrgEx
GetWinMetaFileBits
PolylineTo
Polygon
LPtoDP
PolyTextOutW
StrokeAndFillPath
SetArcDirection
AbortPath
SetWinMetaFileBits
GetEnhMetaFileBits
GdiTransparentBlt
SetTextColor
SetSystemPaletteUse
SetMetaFileBitsEx
SetMapMode
SetDIBitsToDevice
SetBkMode
SetDCPenColor
SaveDC
PtVisible
PtInRegion
OffsetClipRgn
MaskBlt
GetWindowExtEx
GetViewportOrgEx
RemoveFontResourceExW
GetGlyphIndicesW
GetTextExtentExPointW
GetTextAlign
GetSystemPaletteUse
GetSystemPaletteEntries
GetMetaFileBitsEx
GetCurrentPositionEx
GetCharWidth32W
GetCharWidthW
EnumFontFamiliesW
DrawEscape
CreateBrushIndirect
CancelDC
BitBlt
Arc
AnimatePalette

winspool.drv

ConnectToPrinterDlg
EnumPrintersW
ResetPrinterW
SetJobW
GetJobW
EnumJobsW
SetPrinterW
FlushPrinter
GetPrinterDataW
EnumPrinterDataW
SetPrinterDataW
SetPrinterDataExW
GetFormW
ConfigurePortW
SetPortW

comdlg32

PrintDlgExW
PrintDlgW
ChooseFontW
ReplaceTextW
FindTextW
ChooseColorW
GetFileTitleW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

StringFromIID
CLSIDFromString
CoEnableCallCancellation
CoTestCancel
CoCancelCall
CoQueryAuthenticationServices
CoQueryClientBlanket
CoSetProxyBlanket
IIDFromString
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoGetStdMarshalEx
CoLockObjectExternal
CoDisconnectObject
CoMarshalHresult
CoUnmarshalInterface
CoMarshalInterface
CoGetMarshalSizeMax
CoGetPSClsid
CoResumeClassObjects
CoGetObjectContext
CoGetContextToken
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
CoUninitialize
ProgIDFromCLSID
CLSIDFromProgID
CoInvalidateRemoteMachineBindings
CLSIDFromProgIDEx
CoGetInstanceFromIStorage
CoAllowSetForegroundWindow
CoIsOle1Class
CoFileTimeToDosDateTime
CoInstall
BindMoniker
MkParseDisplayName
MonikerRelativePathTo
GetClassFile
OleGetIconOfClass
OleSetAutoConvert
CoGetInterceptor
CoGetCallContext

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerInstallFileW
VerFindFileW

comctl32

ord412
ord410
ord14
ord15
ord13
PropertySheetW

dxgi

CreateDXGIFactory

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

6897e09add1836442c84d70f65d04a85

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

winspool.drv

comdlg32

ole32

version

comctl32

dxgi

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 5KB - Virtual size: 27KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 5KB - Virtual size: 27KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB