e6f3212045537134b2f5ff7290241af1[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

e6f3212045537134b2f5ff7290241af1.bin
Size

2.9MB
MD5

2bb6bded00e4bab3736d5b5a267d1d3f
SHA1

0e0d9a0fd0ec780c00c835f08cd9555b5f470f4a
SHA256

e636290a2ebf939780fa3fb1ddfbe1296130808a0c0ca6e319b1c7196cf95a27
SHA512

786db3d24afedbde0a43f343e073a872a46ce5225ede82fe7560d3d7a35eeeab4a823817a3ca3007ab4928e6a72c6bed3b9b51f1c832823685e5d31622d60c5c
SSDEEP

49152:MbZqQvYJb4wpVRIx4Su02L+cokSBQJ6zoo39k40Yun9UG9l9kItlDG5Z2JPISLOh:MF0/pkx4H02zJSBk6cov5un9UGX9ksKz

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/InsstallingFileX64_1.exe
unpack002/rydg86x.dll

Files

e6f3212045537134b2f5ff7290241af1.bin
.zip

Password: infected
d7d777bc94b68f632b4d8254c69cbf7bb4d21463ddc0127b629a6946b068b862.zip
.zip

Password: infected
InsstallingFileX64_1.exe
.exe windows:4 windows x86 arch:x86

Password: infected

c5f007d8b18bcbad46e32bcb4d2d28aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GlobalAlloc
GlobalFlags
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
CloseHandle
EnumResourceNamesExA
GetNumaAvailableMemoryNodeEx
InitOnceInitialize
InitializeCriticalSectionAndSpinCount
WerGetFlags
WinExec

msvcrt

__getmainargs
__initenv
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_initterm
_iob
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

avrt

AvRtCreateThreadOrderingGroupExW
AvRtDeleteThreadOrderingGroup
AvRtJoinThreadOrderingGroup
AvRtWaitOnThreadOrderingGroup
AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority

evr

MFConvertToFP16Array
MFCopyImage
MFCreateVideoMediaTypeFromSubtype
MFGetPlaneSize
MFGetUncompressedVideoFormat
MFInitVideoFormat_RGB
MFIsFormatYUV

msacm32

acmDriverDetailsW
acmFilterChooseW
acmFilterDetailsA
acmFilterTagDetailsA
acmFormatTagEnumA
acmGetVersion
acmStreamMessage
acmStreamUnprepareHeader

msi

MsiAdvertiseScriptW
MsiBeginTransactionW
MsiCloseHandle
MsiDatabaseMergeA
MsiGetLanguage
MsiProvideQualifiedComponentW
MsiSetPropertyW
MsiSourceListClearAllW
MsiUseFeatureExW

rpcrt4

RpcMgmtEpEltInqBegin
RpcMgmtInqServerPrincNameW
RpcMgmtStatsVectorFree
RpcServerInqBindings
RpcServerInqDefaultPrincNameA
RpcSmEnableAllocate
RpcUserFree

rtm

MgmDeRegisterMProtocol
MgmGetMfe
MgmReleaseInterfaceOwnership
RtmDeleteRouteList
RtmGetRouteInfo
RtmHoldDestination
RtmIsMarkedForChangeNotification
RtmReleaseChangedDests
RtmReleaseEntities

tdh

TdhEnumerateProviderFieldInformation
TdhEnumerateProviders
TdhFormatProperty
TdhGetEventInformation
TdhGetEventMapInformation
TdhGetProperty
TdhGetPropertySize
TdhLoadManifest
TdhQueryProviderFieldInformation

user32

AnyPopup
CreatePopupMenu
DefRawInputProc
DisplayConfigGetDeviceInfo
GetClassInfoA
GetDesktopWindow
RealChildWindowFromPoint
SetWindowTextA

wecapi

EcGetObjectArraySize
EcGetSubscriptionRunTimeStatus
EcOpenSubscription
EcOpenSubscriptionEnum
EcRemoveObjectArrayElement
EcSetSubscriptionProperty

wtsapi32

WTSConnectSessionA
WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSGetListenerSecurityW
WTSRegisterSessionNotificationEx
WTSStartRemoteControlSessionW
WTSUnRegisterSessionNotificationEx
WTSVirtualChannelPurgeInput
WTSWaitSystemEvent

rydg86x

jWPMrBGCBakDHjDZ

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 188B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 50.0MB - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rydg86x.dll
.dll windows:4 windows x86 arch:x86

Password: infected

139dc511637680c7198a623e7d67c45f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFlags
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
CloseHandle
EnumResourceNamesExA
GetNumaAvailableMemoryNodeEx
InitOnceInitialize
InitializeCriticalSectionAndSpinCount
WerGetFlags
WinExec

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

avrt

AvRtCreateThreadOrderingGroupExW
AvRtDeleteThreadOrderingGroup
AvRtJoinThreadOrderingGroup
AvRtWaitOnThreadOrderingGroup
AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority

evr

MFConvertToFP16Array
MFCopyImage
MFCreateVideoMediaTypeFromSubtype
MFGetPlaneSize
MFGetUncompressedVideoFormat
MFInitVideoFormat_RGB
MFIsFormatYUV

msacm32

acmDriverDetailsW
acmFilterChooseW
acmFilterDetailsA
acmFilterTagDetailsA
acmFormatTagEnumA
acmGetVersion
acmStreamMessage
acmStreamUnprepareHeader

msi

MsiAdvertiseScriptW
MsiBeginTransactionW
MsiCloseHandle
MsiDatabaseMergeA
MsiGetLanguage
MsiProvideQualifiedComponentW
MsiSetPropertyW
MsiSourceListClearAllW
MsiUseFeatureExW

rpcrt4

RpcMgmtEpEltInqBegin
RpcMgmtInqServerPrincNameW
RpcMgmtStatsVectorFree
RpcServerInqBindings
RpcServerInqDefaultPrincNameA
RpcSmEnableAllocate
RpcUserFree

rtm

MgmDeRegisterMProtocol
MgmGetMfe
MgmReleaseInterfaceOwnership
RtmDeleteRouteList
RtmGetRouteInfo
RtmHoldDestination
RtmIsMarkedForChangeNotification
RtmReleaseChangedDests
RtmReleaseEntities

tdh

TdhEnumerateProviderFieldInformation
TdhEnumerateProviders
TdhFormatProperty
TdhGetEventInformation
TdhGetEventMapInformation
TdhGetProperty
TdhGetPropertySize
TdhLoadManifest
TdhQueryProviderFieldInformation

user32

AnyPopup
CreatePopupMenu
DefRawInputProc
DisplayConfigGetDeviceInfo
GetClassInfoA
GetDesktopWindow
RealChildWindowFromPoint
SetWindowTextA

wecapi

EcGetObjectArraySize
EcGetSubscriptionRunTimeStatus
EcOpenSubscription
EcOpenSubscriptionEnum
EcRemoveObjectArrayElement
EcSetSubscriptionProperty

wtsapi32

WTSConnectSessionA
WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSGetListenerSecurityW
WTSRegisterSessionNotificationEx
WTSStartRemoteControlSessionW
WTSUnRegisterSessionNotificationEx
WTSVirtualChannelPurgeInput
WTSWaitSystemEvent

Exports

Exports

jWPMrBGCBakDHjDZ

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 825KB - Virtual size: 825KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 172B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 35.0MB - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

c5f007d8b18bcbad46e32bcb4d2d28aa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

avrt

evr

msacm32

msi

rpcrt4

rtm

tdh

user32

wecapi

wtsapi32

rydg86x

Sections

.text Size: 5.2MB - Virtual size: 5.2MB

.data Size: 512B - Virtual size: 48B

.rdata Size: 2KB - Virtual size: 1KB

.eh_fram Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 188B

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 50.0MB - Virtual size: 600B

Password: infected

139dc511637680c7198a623e7d67c45f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

avrt

evr

msacm32

msi

rpcrt4

rtm

tdh

user32

wecapi

wtsapi32

Exports

Exports

Sections

.text Size: 5.2MB - Virtual size: 5.2MB

.data Size: 825KB - Virtual size: 825KB

.rdata Size: 1KB - Virtual size: 1KB

.eh_fram Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 172B

.edata Size: 512B - Virtual size: 82B

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 35.0MB - Virtual size: 556B

.text
Size: 5.2MB - Virtual size: 5.2MB

.data
Size: 512B - Virtual size: 48B

.rdata
Size: 2KB - Virtual size: 1KB

.eh_fram
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 188B

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 50.0MB - Virtual size: 600B

.text
Size: 5.2MB - Virtual size: 5.2MB

.data
Size: 825KB - Virtual size: 825KB

.rdata
Size: 1KB - Virtual size: 1KB

.eh_fram
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 172B

.edata
Size: 512B - Virtual size: 82B

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 35.0MB - Virtual size: 556B