1dcdd77ba8afe481b4af754876f70ee8[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

1dcdd77ba8afe481b4af754876f70ee8.bin
Size

2.6MB
MD5

4e6663546ed66fc6595a7d4644b4541a
SHA1

2836c46eb80fac9e80b89359d16d5601c3e9e6f1
SHA256

ff9fcf5dac1d914f13ab29d508c0470be5f5ded53f4925b6a0fd9d4356df78fb
SHA512

d2173ba7b431763fba6c0fb035a1a86cd64019e6cc8e9f153339342e5237bd50dff081fb8a4b2f71a5b57c206681b3ba8cbed4416dfa2352c4976b96baa0df5c
SSDEEP

49152:BUY2ChPtCq+4XEomWdL4LqB9A0UnBE6sOmi0aCdmahHMA+xQTZ/KG4Dsl:BFpMq+yTdL4LqkFBGbaKxMAT/KG4U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e5f2c31e3b741665821670118a78692cd1f44a349ad20007c0628fa3fb307734.exe

Files

1dcdd77ba8afe481b4af754876f70ee8.bin
.zip

Password: infected
e5f2c31e3b741665821670118a78692cd1f44a349ad20007c0628fa3fb307734.exe
.exe windows:6 windows x64 arch:x64

Password: infected

78bbdb4b113bfc6f56d7405a719a03a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\ALLLLREALSHY\src\สำหรับสายเดิมพัน Bet\SBAGGY2\SBAGGY\examples\example_win32_directx11\Build\example_win32_directx11.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
AreFileApisANSI
SleepConditionVariableSRW
GetFileAttributesExW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileInformationByHandleEx
GetLastError
SetLastError
VirtualQueryEx
Module32NextW
Module32FirstW
ReadProcessMemory
WriteProcessMemory
GetTickCount
CloseHandle
Process32FirstW
OutputDebugStringW
Process32NextW
CreateToolhelp32Snapshot
SetUnhandledExceptionFilter
CheckRemoteDebuggerPresent
IsDebuggerPresent
GetModuleHandleW
GetThreadContext
LoadLibraryW
GetSystemInfo
GetCurrentThread
CreateFileA
Sleep
FindFirstFileW
FindClose
CreateDirectoryW
GetLocaleInfoEx
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
FormatMessageA
QueryFullProcessImageNameW
GetModuleFileNameA
CreateFileMappingW
CreateThread
DeleteCriticalSection
InitializeCriticalSectionEx
HeapSize
GetFileSizeEx
ReadFile
OpenProcess
TerminateProcess
VirtualAlloc
GetCurrentProcess
VirtualFree
VirtualProtect
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
CreateFileW
GlobalAlloc
MultiByteToWideChar
HeapDestroy

user32

GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
LoadCursorW
GetForegroundWindow
TrackMouseEvent
ClientToScreen
GetCapture
ScreenToClient
GetKeyState
FindWindowA
GetWindowThreadProcessId
FindWindowW
UpdateWindow
PostQuitMessage
LoadIconW
TranslateMessage
MoveWindow
MessageBoxA
SetWindowDisplayAffinity
PeekMessageW
CreateWindowExW
DispatchMessageW
GetAsyncKeyState
ShowWindow
DefWindowProcW
GetWindowRect
DestroyWindow
MessageBoxW
RegisterClassExW
GetSystemMetrics
UnregisterClassW
SetClipboardData

comdlg32

GetOpenFileNameW

advapi32

CryptGetHashParam
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
SetSecurityInfo
CopySid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegEnumValueA
OpenProcessToken

shell32

ShellExecuteW
ShellExecuteA

msvcp140

?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_lock
_Thrd_id
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Mtx_unlock
_Thrd_join
_Query_perf_counter

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

dwmapi

DwmExtendFrameIntoClientArea

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

normaliz

IdnToAscii

wldap32

ord79
ord30
ord35
ord33
ord32
ord27
ord26
ord143
ord217
ord46
ord211
ord60
ord45
ord22
ord41
ord50
ord200
ord301

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertOpenStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCloseStore
PFXImportCertStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine

ws2_32

accept
closesocket
recv
send
htonl
listen
ioctlsocket
WSAStartup
WSAGetLastError
bind
__WSAFDIsSet
connect
getpeername
select
getsockname
getsockopt
getaddrinfo
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
freeaddrinfo
ntohl
gethostname
sendto
recvfrom
WSACleanup

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_exception_copy
__intrinsic_setjmp
__current_exception_context
__current_exception
strchr
_CxxThrowException
memcmp
memchr
memset
memmove
memcpy
longjmp
strrchr
__C_specific_handler
strstr
__std_terminate

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
_set_fmode
_lseeki64
fread
__stdio_common_vsscanf
__p__commode
feof
fflush
fputs
fopen
_read
_write
_wfopen
_open
__stdio_common_vfprintf
ftell
_pclose
fgets
fseek
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
_close
fwrite
fgetc
__acrt_iob_func
fputc
_popen
fclose

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-string-l1-1-0

strcmp
_strdup
strncmp
strncpy
tolower
strpbrk
isupper
strcspn
strspn
_wcsicmp

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
malloc
free
realloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

terminate
_errno
_beginthreadex
abort
strerror
__sys_nerr
_invalid_parameter_noinfo
_resetstkoflw
exit
_invalid_parameter_noinfo_noreturn
_wassert
_register_thread_local_exe_atexit_callback
_c_exit
_getpid
_exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
system

api-ms-win-crt-convert-l1-1-0

atoi
strtol
atof
strtoll
strtoull
strtoul
strtod
strtof

api-ms-win-crt-filesystem-l1-1-0

_stat64
_lock_file
_unlock_file
_fstat64
_access
_unlink

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

acosf
_hypotf
_dclass
__setusermatherr
ceilf
cos
cosf
fmodf
powf
roundf
sin
sinf
sqrtf

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

78bbdb4b113bfc6f56d7405a719a03a2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_43

kernel32

user32

comdlg32

advapi32

shell32

msvcp140

imm32

dwmapi

d3dx11_43

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 341KB - Virtual size: 341KB

.data Size: 2.1MB - Virtual size: 2.1MB

.pdata Size: 54KB - Virtual size: 54KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 341KB - Virtual size: 341KB

.data
Size: 2.1MB - Virtual size: 2.1MB

.pdata
Size: 54KB - Virtual size: 54KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 6KB - Virtual size: 6KB