General
Target
CryptOne_Exec_6096eceeda80292c3b8c9e0287e0d2d56c42928f8bd8b155b89a15ae2c301690.bin
Size
56KB
MD5
7a2bee524416775d2d9fe309502a1cc3
SHA1
7fcfc20753c394a6d0cdf65463462581cf4cbde5
SHA256
494ab44bb96537fc8a3e832e3cf032b0599501f96a682205bc46d9b7744d52ab
SHA512
e48c19bad257edfaba665ff613882eeba9d71f0df4ddf64ae785fdd3698143e97320fefcdb49a859a9c06b4b00bffbb0fc518e46b92400e8fc8d1dde45706db2
SSDEEP
768:BfOKi+7erib7i6DcJKUU1HTbqHymKYGkXFnGeAwb2cDMaTji5w4AfY1WABS9MZmk:1ev2XW8x91WSSI15rJCvUnGlJworQ
Malware Config
Extracted
raccoon
afb5c633c4650f69312baef49db9dfa4
http://193.56.146.177
Signatures
Raccoon family
Files
CryptOne_Exec_6096eceeda80292c3b8c9e0287e0d2d56c42928f8bd8b155b89a15ae2c301690.bin.exe windows x86
94482195a14b2f0ff3fd77f07609274d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
LoadLibraryW
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ