
Bind.exe

Status: finished
Submission Time: 2025-02-16 08:07:22 +01:00
Verdict: Malicious
Classification: Ransomware, Trojan, Spyware, Exploiter, Evader

Tags

  • deepseek
  • exe
  • github
  • github-com--nvslks
  • nvslks
  • PythonStealerDownloader
  • StealerDownloader

Details

  • Analysis ID:
    1616219
  • API (Web) ID:
    1616219
  • Analysis Started:
    2025-02-16 08:07:22 +01:00
  • Analysis Finished:
    2025-02-16 08:19:34 +01:00
  • MD5:
    37af99b1809d1fe992711765dd771dc1
  • SHA1:
    5340d8432ccf0831291e8370eb22a7b7e3851a4d
  • SHA256:
    9d09a10bfa2aeb89aba5e20e88fb4fc1f56392d859d0592db66221a9f00000c4
  • Technologies:

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 40/72
malicious
Score: 19/37

IPs

IP               Country
208.95.112.1     United States
149.154.167.220  United Kingdom
34.117.59.81     United States
185.199.108.133  Netherlands
140.82.121.3     United States
45.112.123.227   Singapore

Domains

Name                       IP
github.com                 140.82.121.3
ipinfo.io                  34.117.59.81
raw.githubusercontent.com  185.199.108.133
ip-api.com                 208.95.112.1
store1.gofile.io           45.112.123.227
api.telegram.org           149.154.167.220

URLs

Name
https://github.com/nvslks/g/raw/refs/heads/g/1.zip$
https://github.com/nvslks/g/raw/refs/heads/g/1.zip0
https://issuetracker.google.com/issues/166475273
http://anglebug.com/4836
http://anglebug.com/3862
http://ip-api.com/json
http://anglebug.com/5007
http://anglebug.com/3624
http://anglebug.com/3625
https://tools.ietf.org/html/rfc7578#section-4.4
http://anglebug.com/3623
http://anglebug.com/3502
https://github.com/nvslks/g/raw/refs/heads/g/1.zip%
https://github.com/nvslks/g/raw/refs/heads/g/1.zip.
https://issuetracker.google.com/258207403
http://anglebug.com/6692
https://badges.gitter.im/Join%20Chat.svg
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
http://go.microsoft.ce
https://api.telegram.org/bot7431339457:AAEnpdSnaP2aZkEkeMP1yUzYYgA-ixd-nMs/sendDocument
https://github.com/nvslks/g/raw/refs/heads/g/1.zipE;.
http://go.microsoft.c
http://anglebug.com/7556
http://schemas.xmlsoap.org/wsdl/
http://anglebug.com/4722
https://github.com/nvslks/g/raw/refs/heads/g/1.zip9p
http://anglebug.com/6439
http://anglebug.com/3965
https://github.com/nvslks/g/raw/refs/heads/g/1.zipc
http://anglebug.com/5901
http://java.sun.com/j2se/1.5.0/docs/api/java/util/concurrent/
http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
http://mail.python.org/pipermail/python-bugs-list/2001-January/003752.html
http://anglebug.com/7760
http://anglebug.com/7761
https://bugs.python.org/issue32751
https://anglebug.com/7604
https://bugs.python.org/issue29585
https://codecov.io/gh/aio-libs/aiosignal/branch/master/graph/badge.svg
https://pypi.org/project/aiosignal
https://github.com/nvslks/g/raw/refs/heads/g/1.zipN
https://github.com/nvslks/g/raw/refs/heads/g/1.zipU
https://badge.fury.io/py/aiosignal.svg
https://github.com/nvslks/g/raw/refs/heads/g/1.zip
http://www.iana.org/time-zones/repository/tz-link.html
http://anglebug.com/3970
https://aiosignal.readthedocs.io/
http://anglebug.com/4384
https://github.com/nvslks/g/
https://www.spotify.com/api/account-settings/v1/profile
https://nuget.org/nuget.exe
https://anglebug.com/7246
https://github.com/aio-libs/aiosignal/workflows/CI/badge.svg
https://github.com/nvslks/g/raw/refs/heads/g/1.zipuserdomain=user-PCuserdomain_roamingprofile=EN
https://issuetracker.google.com/255411748
http://json.org
https://github.com/nvslks/g/raw/refs/heads/g/1.zip-f
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://anglebug.com/5281
http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
http://anglebug.com/6929
https://www.tiktok.com/passport/web/account/info/?aid=1459&app_language=de-DE&app_name=tiktok_web&ba
http://anglebug.com/6248
https://gitter.im/aio-libs/Lobby
https://api.telegram.org/bot7431339457:AAEnpdSnaP2aZkEkeMP1yUzYYgA-ixd-nMs/sendMessage
https://github.com/nvslks/g/raw/refs/heads/g/1.zipUSERDOMAIN=ENA
https://go.microsof
https://anglebug.com/7714
https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
http://www.chambersign.org1
https://issuetracker.google.com/284462263
https://tiktok.com/
https://anglebug.com/7382
http://anglebug.com/4633
https://github.com/urllib3/urllib3/issues/2168z(Andrey
http://www.cl.cam.ac.uk/~mgk25/iso-time.html
http://anglebug.com/5371
http://anglebug.com/5375
https://bugs.python.org/issue40607
http://anglebug.com/7553
http://anglebug.com/3078
http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76
https://img.shields.io/discourse/topics?server=https%3A%2F%2Faio-libs.discourse.group%2F
https://gist.github.com/4325783
https://github.com/Pester/Pester
http://sourceware.org/pthreads-win32/manual/pthread_barrier_init.html
https://issuetracker.google.com/161903006
https://docs.aiosignal.org
https://account.riotgames.com/api/account/v1/user
https://github.com/nvslks/g/raw/refs/heads/g
http://crl.ver)
http://php.net/manual/en/function.version-compare.php
https://github.com/nvslks/g/raw/
https://contoso.com/Icon
http://www.apache.org/licenses/LICENSE-2.0.html
http://bugs.python.org/issue14396.
https://github.com/nvslks/g/raw/refs/heads/g/1.zipUSERDOMAIN=EN
https://anglebug.com/7489
http://pesterbdd.com/images/Pester.png
https://anglebug.com/7369
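The Domains and URLs tables above record a recognisable sequence: a geolocation lookup (ip-api.com/json, ipinfo.io), a zip download from the raw path of a GitHub repository, and outbound calls to the Telegram Bot API (sendDocument, sendMessage) and to a gofile.io storage host. The script below is an added triage example, not part of this Joe Sandbox report, that matches that sequence in web-proxy logs and redacts the bot token before anything is written out. The log line format, the bot token and the two benign client hosts in the sample are constructed for the demonstration; the gofile upload path is an assumption, since the report only shows the host.

```python
"""Flag the exfiltration chain seen in this report in web-proxy logs.

Added triage example; it is not part of the Joe Sandbox report.  The hosts
and paths come from the Domains/URLs tables above.  The log line format
(timestamp, client IP, method, URL), the bot token and the benign requests
in the sample are constructed for the demonstration.
"""
import re
from collections import defaultdict

# Stage name -> regex over the request URL.  The Telegram pattern captures the
# bot id and the secret half of the token separately so the secret can be
# redacted before the result is stored anywhere.
PATTERNS = [
    ("geolocation",
     re.compile(r"^https?://(ip-api\.com/json|ipinfo\.io)(/|$)")),
    ("github_raw_zip",
     re.compile(r"^https://(github\.com/[^/]+/[^/]+/raw/|raw\.githubusercontent\.com/).*\.zip\b")),
    ("telegram_bot_api",
     re.compile(r"^https://api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]+)/send\w+")),
    ("gofile_upload",
     re.compile(r"^https://store\d*\.gofile\.io/")),
]
EXFIL_STAGES = {"telegram_bot_api", "gofile_upload"}

# Constructed proxy-log format: "<ts> <client-ip> <method> <url>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) (?P<method>[A-Z]+) (?P<url>\S+)")


def classify_url(url):
    """Return (stage, bot_id) for a matching URL, else None; bot_id is set only for Telegram."""
    for stage, rx in PATTERNS:
        m = rx.search(url)
        if m:
            return stage, (m.group(1) if stage == "telegram_bot_api" else None)
    return None


def redact_token(url):
    """Keep the numeric bot id (useful for pivoting) but strip the secret part."""
    return re.sub(r"(api\.telegram\.org/bot\d+):[A-Za-z0-9_-]+", r"\1:<REDACTED>", url)


def triage(lines):
    """Group matching requests per client IP and assign each client a verdict."""
    per_host = defaultdict(lambda: {"stages": set(), "bot_ids": set(), "urls": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = classify_url(m["url"])
        if not hit:
            continue
        stage, bot_id = hit
        rec = per_host[m["src"]]
        rec["stages"].add(stage)
        if bot_id:
            rec["bot_ids"].add(bot_id)
        rec["urls"].append(redact_token(m["url"]))

    result = {}
    for src, rec in per_host.items():
        if rec["stages"] & EXFIL_STAGES and len(rec["stages"]) >= 2:
            verdict = "likely_stealer_exfil"    # exfil channel plus recon or payload download
        elif rec["stages"] & EXFIL_STAGES:
            verdict = "exfil_channel_only"      # Telegram bots and gofile also have benign uses
        else:
            verdict = "recon_or_download_only"
        result[src] = {"verdict": verdict, "stages": sorted(rec["stages"]),
                       "bot_ids": sorted(rec["bot_ids"]), "urls": rec["urls"]}
    return result


# Constructed sample log; the ip-api and GitHub URLs are the ones listed in the report.
SAMPLE_LOG = """\
2025-02-16T07:10:01Z 10.0.0.17 GET http://ip-api.com/json
2025-02-16T07:10:02Z 10.0.0.17 GET https://github.com/nvslks/g/raw/refs/heads/g/1.zip
2025-02-16T07:10:09Z 10.0.0.17 POST https://api.telegram.org/bot1234567890:AAExampleTokenNotReal_0123456789abcd/sendDocument
2025-02-16T07:10:11Z 10.0.0.17 POST https://store1.gofile.io/uploadFile
2025-02-16T07:11:00Z 10.0.0.42 GET https://raw.githubusercontent.com/Pester/Pester/main/README.md
2025-02-16T07:12:00Z 10.0.0.99 GET https://ipinfo.io/json
""".splitlines()

if __name__ == "__main__":
    for src, rec in triage(SAMPLE_LOG).items():
        print(src, rec["verdict"], rec["stages"], rec["bot_ids"])
        for u in rec["urls"]:
            print("   ", u)
```

The verdict is deliberately tiered: a single Telegram or gofile request is only an "exfil_channel_only" hit, because both services have legitimate users, while the combination with a geolocation lookup or a raw-GitHub zip download from the same client is what matches the behaviour recorded in this report. The bot id is kept in the output so the same token can be traced across other hosts; the secret half is redacted so the log triage itself does not spread a working credential.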

Dropped files

Name | File Type
C:\Users\user\AppData\Local\Temp\Lib\site-packages\cryptography\hazmat\bindings\_rust.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_zoneinfo.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\libcrypto-1_1.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\libffi-8.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\libssl-1_1.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\pyexpat.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\select.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\sqlite3.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\unicodedata.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\Lib\site-packages\_cffi_backend.cp311-win_amd64.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\Lib\site-packages\aiohttp\_http_parser.cp311-win_amd64.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\Lib\site-packages\aiohttp\_http_writer.cp311-win_amd64.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\Lib\site-packages\aiohttp\_websocket\mask.cp311-win_amd64.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\Lib\site-packages\aiohttp\_websocket\reader_c.cp311-win_amd64.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\Lib\site-packages\charset_normalizer\md.cp311-win_amd64.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\Lib\site-packages\charset_normalizer\md__mypyc.cp311-win_amd64.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_uuid.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\Lib\site-packages\propcache\_helpers_c.cp311-win_amd64.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\Lib\site-packages\yarl\_quoting_c.cp311-win_amd64.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\Unknown_0.0.0.0_files\Desktop\EFOYFBOLXA.pdf | ASCII text, with very long lines (1024), with CRLF line terminators
C:\Users\user\AppData\Local\Temp\Unknown_0.0.0.0_files\Desktop\PALRGUCVEH.pdf | ASCII text, with very long lines (1024), with CRLF line terminators
C:\Users\user\AppData\Local\Temp\Unknown_0.0.0.0_files\Desktop\PIVFAGEAAV\EEGWXUHVUG.jpg | ASCII text, with very long lines (1024), with CRLF line terminators
C:\Users\user\AppData\Local\Temp\Unknown_0.0.0.0_files\Desktop\PIVFAGEAAV\PIVFAGEAAV.docx | ASCII text, with very long lines (1024), with CRLF line terminators
C:\Users\user\AppData\Local\Temp\Unknown_0.0.0.0_files\Desktop\PIVFAGEAAV\SQSJKEBWDT.pdf | ASCII text, with very long lines (1024), with CRLF line terminators
C:\Users\user\AppData\Local\Temp\python311.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\svchost.exe | PE32+ executable (console) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\vcruntime140.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\vcruntime140_1.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\zf0di4tr\zf0di4tr.cmdline | Unicode text, UTF-8 (with BOM) text, with very long lines (610), with no line terminators
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm | data
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm | data
C:\Users\user\AppData\Local\Temp\DLLs\_lzma.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\4D802742-3099-9C0E-C19B-2A23EA1FC420\Browsers\Cookies.txt | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\4D802742-3099-9C0E-C19B-2A23EA1FC420\Browsers\Firefox\History.txt | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\4D802742-3099-9C0E-C19B-2A23EA1FC420\network_info.txt | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\4D802742-3099-9C0E-C19B-2A23EA1FC420\process_info.txt | ASCII text, with CRLF, CR line terminators
C:\Users\user\AppData\Local\Temp\4D802742-3099-9C0E-C19B-2A23EA1FC420\system_info.txt | ASCII text, with CRLF, CR line terminators
C:\Users\user\AppData\Local\Temp\4g5h790g2345h7890g2345h90g2345h-890v2345hf789-3v5h.zip | Zip archive data, at least v2.0 to extract, compression method=deflate
C:\Users\user\AppData\Local\Temp\64b8982d-8f48-4075-beda-04cdf8b5dd32\g.bat | DOS batch file, ASCII text
C:\Users\user\AppData\Local\Temp\DLLs\_asyncio.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_bz2.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_ctypes.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_ctypes_test.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_decimal.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_elementtree.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_hashlib.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Bind.exe.log | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\DLLs\_msi.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_multiprocessing.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_overlapped.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_queue.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_socket.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_sqlite3.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_ssl.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_testbuffer.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_testcapi.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_testconsole.pyd | PE32+ executable (DLL) (console) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_testimportmultiple.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_testinternalcapi.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_testmultiphase.pyd | PE32+ executable (DLL) (console) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\DLLs\_tkinter.pyd | PE32+ executable (DLL) (GUI) x86-64, for MS Windows