f1fb4fac89efa87233ac4bfdb3febd63c0b12defd8c211d7ea40b6660e78de88N

Sharing

Copy URL Twitter E-mail

General

Target

f1fb4fac89efa87233ac4bfdb3febd63c0b12defd8c211d7ea40b6660e78de88N
Size

117KB
MD5

526444413ed85a0bc18f269f735c5890
SHA1

44e02e8b56b57b82d2e54ae90fe7ce0647c21fdd
SHA256

f1fb4fac89efa87233ac4bfdb3febd63c0b12defd8c211d7ea40b6660e78de88
SHA512

82521f852947654624dfaf9cebf18a4f28ac976ea140d4653420b78ac36942b9f9f36a87a1d3d05d5da9896c1f21f48c7312b3fa90d27acf3c195647e58ff1df
SSDEEP

3072:JXSYDWGejxsHC+U4+xX8vPZk+D7hS38gcGUK5Mj8z+MqB:JXSYDCjZL4oXmhk+3hS38gcGriQiMy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/binlsvc.dll

Files

f1fb4fac89efa87233ac4bfdb3febd63c0b12defd8c211d7ea40b6660e78de88N
.cab
binlsvc.dll
.dll windows:6 windows x86 arch:x86

e71e52990371806bf041fb65c8aba4a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

binlsvc.pdb

Imports

msvcrt

isdigit
ferror
??1type_info@@UAE@XZ
iswctype
realloc
__badioinfo
__pioinfo
_read
_fileno
_lseeki64
isxdigit
mbtowc
__mb_cur_max
wctomb
localeconv
_iob
_snprintf
wcstombs
_itoa
_write
_isatty
ungetc
calloc
strchr
wcsncmp
bsearch
_vsnprintf
towupper
iswdigit
iswspace
iswxdigit
rand
srand
wcstoul
_onexit
_lock
__dllonexit
_unlock
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
malloc
_callnewh
_CxxThrowException
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_wcsupr
_wcslwr
_errno
_wtoi
_vsnwprintf
clock
_wcsnicmp
toupper
wcsrchr
wcsstr
strspn
towlower
strstr
strtol
_wcsicmp
memset
iswalnum
memcpy
_strnicmp
_stricmp
memmove
_mbslen
wcschr
strncmp
isleadbyte

advapi32

SetEntriesInAclW
RegQueryValueExW
ReportEventA
RegisterEventSourceW
ReportEventW
DeregisterEventSource
LogonUserW
GetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExA
ImpersonateLoggedOnUser
LogonUserA
GetTokenInformation
LookupAccountSidW
RevertToSelf
SystemFunction036
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegCloseKey
OpenSCManagerW
QueryServiceConfigW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
RegConnectRegistryW
RegSetValueExW
OpenThreadToken
OpenProcessToken
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
RegEnumKeyExW

dnsapi

DnsValidateName_W

kernel32

LoadResource
FindResourceExW
LoadLibraryExW
MapViewOfFile
CreateFileMappingW
FreeLibrary
GetVersionExW
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceW
SearchPathW
MultiByteToWideChar
DebugBreak
SleepEx
CreateSemaphoreW
LocalFree
Sleep
WaitForSingleObject
LeaveCriticalSection
ResetEvent
EnterCriticalSection
LocalAlloc
GetTickCount
SetEvent
GetLastError
CloseHandle
InterlockedIncrement
DeleteCriticalSection
GetPrivateProfileSectionW
GetPrivateProfileStringW
SystemTimeToFileTime
GetSystemTime
InitializeCriticalSection
InterlockedDecrement
GetLocalTime
GetCurrentThreadId
CompareStringW
DnsHostnameToComputerNameW
CreateEventW
OpenEventW
DisableThreadLibraryCalls
GetTimeZoneInformation
GetLocaleInfoW
GetModuleFileNameW
GetPrivateProfileStringA
FindClose
FindNextFileW
FindFirstFileW
GetPrivateProfileSectionA
SetLastError
lstrlenW
VerSetConditionMask
GetPrivateProfileIntW
CreateDirectoryW
GetFileAttributesW
DeleteFileW
InterlockedExchange
InterlockedCompareExchange
ReadFile
GetFileSize
CreateFileW
CopyFileW
WriteFile
FormatMessageW
FormatMessageA
GetModuleHandleW
GetComputerNameExW
SetCurrentDirectoryW
FileTimeToSystemTime
WideCharToMultiByte
SetFileAttributesW
GetSystemTimeAsFileTime
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemInfo
ReleaseSemaphore
CompareFileTime
GetFileTime
GetCurrentThread

netapi32

DsGetDcNameW
DsRoleGetPrimaryDomainInformation
NetShareGetInfo
DsGetDcNameA
NetApiBufferFree
NetUserSetInfo
DsRoleFreeMemory

ole32

CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoInitializeEx

oleaut32

SystemTimeToVariantTime
SysAllocString
SysFreeString
VariantTimeToSystemTime

ntdsapi

DsFreeNameResultW
DsCrackNamesW
DsUnBindW
DsUnBindA
DsCrackNamesA
DsBindW
DsFreeNameResultA
DsBindA

secur32

UnsealMessage
EnumerateSecurityPackagesW
QueryContextAttributesW
QuerySecurityPackageInfoW
SealMessage
GetComputerObjectNameW
AcquireCredentialsHandleW
AcceptSecurityContext
FreeCredentialsHandle
ImpersonateSecurityContext
RevertSecurityContext
LsaUnregisterPolicyChangeNotification
LsaRegisterPolicyChangeNotification
DeleteSecurityContext
FreeContextBuffer

setupapi

SetupCloseInfFile
SetupOpenInfFileW
SetupGetFieldCount
SetupGetIntField
SetupFindNextLine
SetupGetLineCountW
SetupGetLineTextW
SetupGetStringFieldW
SetupFindFirstLineW

shlwapi

StrCmpNIW

user32

wsprintfW
LoadStringW

userenv

FreeGPOListW
GetGPOListW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wldap32

ord203
ord42
ord26
ord21
ord16
ord41
ord224
ord206
ord135
ord191
ord18
ord133
ord40
ord69
ord72
ord145
ord14
ord88
ord73
ord36
ord122
ord147
ord13
ord312
ord12
ord149
ord140

ws2_32

htonl
htons
GetAddrInfoW
FreeAddrInfoW
WSAGetLastError
ntohl
inet_ntoa
ntohs

wdsimage

WdsImgGetSystemDirBasic
WdsImgGetArchitectureBasic
FindImageClose
FindNextImage
WdsImgIsBootImageBasic
WdsImgGetEnabledBasic
FindFirstImage
WdsImgGetNameBasic

rpcrt4

UuidCreate

ntdll

NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlGetVersion
NtCreateEvent
RtlRunDecodeUnicodeString
RtlRunEncodeUnicodeString
NtQuerySystemTime
RtlUnicodeStringToInteger
RtlIntegerToUnicodeString
RtlInitAnsiString
RtlGetNtProductType
RtlInitUnicodeString
RtlUpcaseUnicodeString
RtlAnsiStringToUnicodeString
NlsMbCodePageTag
RtlxUnicodeStringToAnsiSize
RtlUnicodeStringToAnsiString
NtDeviceIoControlFile
NtWaitForSingleObject
NtResetEvent
RtlFreeHeap
NtClose
RtlAllocateHeap
NtOpenFile
RtlGUIDFromString
NtQuerySystemInformation
RtlFreeUnicodeString
RtlStringFromGUID
DbgBreakPoint
NtOpenKey
NtEnumerateKey
NtQueryKey
NtQueryAttributesFile
NtUnloadKey
NtLoadKey
NtAdjustPrivilegesToken
NtOpenProcessToken
NtOpenThreadToken
RtlFreeSid
RtlSetOwnerSecurityDescriptor
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
NtSetSecurityObject
NtCreateKey
NtDeleteValueKey
NtQueryValueKey
NtSetValueKey
NtSaveKey
NtCreateFile
NtDeleteKey
LdrGetProcedureAddress
LdrGetDllHandle
NtAllocateUuids

wdspxe

PxeDhcpIsValid
PxeDhcpGetOptionValue
PxeSendReply
PxePacketFree
PxePacketAllocate
PxeRegisterCallback
PxeGetServerInfo
PxeTrace

esent

JetBeginTransaction
JetSetSystemParameter
JetInit
JetTerm
JetGetTableColumnInfo
JetRetrieveColumns
JetGotoSecondaryIndexBookmark
JetGetSecondaryIndexBookmark
JetRetrieveColumn
JetPrepareUpdate
JetSetColumn
JetUpdate
JetGotoBookmark
JetSetIndexRange
JetMakeKey
JetSeek
JetSetCurrentIndex
JetCreateTable
JetOpenTable
JetCreateIndex
JetAddColumn
JetCloseTable
JetBeginSession
JetCreateDatabase
JetOpenDatabase
JetEndSession
JetCommitTransaction
JetRollback
JetDelete
JetMove
JetIndexRecordCount
JetAttachDatabase
JetCloseDatabase

wdscsl

WdsCpParameterAdd
WdsCpPacketInitialize
WdsCpParameterQuery
WdsCpParameterValidate
WdsCpRecvPacketInitialize
WdsCpPacketRelease
WdsCpPacketGetBuffer
WdsClientInitializeLibrary

wdssrv

WdsSendPulse
WdsPacketFree
WdsImpersonateClient
WdsRevertToSelf
WdsRegisterCallback
WdsEndpointOpen
WdsSetEndpointSecurity
WdsEndpointClose
WdsSendReply
WdsChangeTimer
WdsDeleteTimer
WdsCreateTimer

Exports

Exports

BinlState
NetInfEnumFiles
ProcessBinlDiscoverInDhcp
ProcessBinlRequestInDhcp
PxeProviderInitialize
TellBinlState
WdsProviderInitialize

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e71e52990371806bf041fb65c8aba4a8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

dnsapi

kernel32

netapi32

ole32

oleaut32

ntdsapi

secur32

setupapi

shlwapi

user32

userenv

version

wldap32

ws2_32

wdsimage

rpcrt4

ntdll

wdspxe

esent

wdscsl

wdssrv

Exports

Exports

Sections

.text Size: 246KB - Virtual size: 245KB

.data Size: 1KB - Virtual size: 11KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 246KB - Virtual size: 245KB

.data
Size: 1KB - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 11KB