c16bdc61bbc82e9668f8cee9cc5c94c5[.]bin

Resubmissions

30/09/2024, 12:44

240930-pyrlsswbrk 8

02/05/2024, 01:47

240502-b7snkafg38 8

Sharing

Copy URL Twitter E-mail

General

Target

c16bdc61bbc82e9668f8cee9cc5c94c5.bin
Size

31KB
MD5

72e9e929533b62306284a6fc53f7daa3
SHA1

a496c861dd6d8c84c8f3239d2e0d2edbd4364fe1
SHA256

d72d7d575b4a759f8b8d0176bde15a5e360c9955cc4a0475bdc336f1f7187ab3
SHA512

8ee687367cb6071a149fd3db6c06bd3c5822a75af0932a1ce872b0369ae8932ec332bd6186987c53316fe392663494b75902677a1a81262d1bc5e530dc284ccc
SSDEEP

768:lD9+Hn7UpoabFsQMMPgHog8cI/yxFu1W3hv4ItjhRBT3s8TU6:lDA7UuabFvPgR8fKxFuY3hvphRZG6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6a195e6111c9a4b8c874d51937b53cd5b4b78efc32f7bb255012d05087586d8f.exe

Files

c16bdc61bbc82e9668f8cee9cc5c94c5.bin
.zip

Password: infected
6a195e6111c9a4b8c874d51937b53cd5b4b78efc32f7bb255012d05087586d8f.exe
.dll regsvr32 windows:4 windows x64 arch:x64

Password: infected

9e89b06661c393195797fb70ceba29aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CopyFileW
CreateFileW
CreateMutexW
CreatePipe
CreateProcessW
CreateThread
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
GetCommandLineW
GetComputerNameExW
GetComputerNameW
GetCurrentDirectoryW
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemInfo
GetTempPathW
GetTickCount
GetVolumeInformationW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
PeekNamedPipe
ReadFile
SetCurrentDirectoryW
SetFilePointer
SetHandleInformation
SetLastError
Sleep
TerminateProcess
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_initterm
_lock
_unlock
_wcsnicmp
abort
calloc
fputwc
free
fwprintf
fwrite
localeconv
malloc
memcpy
memset
realloc
strcat
strcpy
strerror
strlen
strncmp
vfprintf
wcscat
wcscmp
wcscpy
wcslen

shell32

CommandLineToArgvW
SHGetFolderPathW

ws2_32

WSACleanup
WSAStartup
gethostbyname
gethostname
inet_ntoa

Exports

Exports

DllGetClassObject
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer
Start

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

9e89b06661c393195797fb70ceba29aa

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

ws2_32

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 45KB

.data Size: 1024B - Virtual size: 576B

.rdata Size: 5KB - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 1KB

.xdata Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 3KB

.edata Size: 512B - Virtual size: 184B

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 100B

.text
Size: 46KB - Virtual size: 45KB

.data
Size: 1024B - Virtual size: 576B

.rdata
Size: 5KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 184B

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 100B