Sample
ab594af5526d3e975d1a0139bbdc6fdafa65149fa5fc78b4607f79016a5915b9.exe
Resource
win7-20230220-en
General
-
Target
79fa3eaa1f9931a964a53bad6bccc929.bin
-
Size
50KB
-
MD5
72cd099a2975d98194281e436002ff34
-
SHA1
2c75043119102fca4c54fc35cc83b2c482fb3132
-
SHA256
2222e6e910e3a86c9032e3d35e1a363b385d187b9ea2b3b534297cdc4e016927
-
SHA512
006d8ed2f1470ba80bc0ed770da982ae2b8bdfe3465bf886231c9f613b0460a2bca6b0f90969e3b4fd3b97f8b8d5ead5dffdb49302477babd42069212136672f
-
SSDEEP
1536:y6PdahqosmDb2IBiwdeq8glAVyfkXA0hpzPC:y1Vf2IBiwde68zPC
Malware Config
Signatures
Files
-
79fa3eaa1f9931a964a53bad6bccc929.bin.zip
Password: infected
-
ab594af5526d3e975d1a0139bbdc6fdafa65149fa5fc78b4607f79016a5915b9.exe.exe windows x64
Password: infected
8f7812304a50d28fbf942dd7a82b9228
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetSystemWow64DirectoryA
LoadLibraryW
Sleep
SizeofResource
GetSystemDirectoryA
GetLastError
GetProcAddress
SetFileAttributesA
Process32FirstW
LockResource
GetModuleFileNameA
Process32NextW
WriteFile
CloseHandle
GetTempPathA
LocalFileTimeToFileTime
FreeLibrary
WaitForSingleObject
CreateRemoteThread
OpenProcess
GetSystemDirectoryW
VirtualFreeEx
GetVersionExW
VirtualAllocEx
WriteProcessMemory
GetWindowsDirectoryA
SetFileTime
GetModuleHandleW
GetCurrentProcess
SystemTimeToFileTime
LoadResource
FindResourceW
FreeResource
CreateToolhelp32Snapshot
CreateFileA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentThreadId
advapi32
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExA
LookupPrivilegeValueW
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegQueryValueExA
shell32
ShellExecuteA
ShellExecuteW
msvcr90
_swprintf
_wcsicmp
_amsg_exit
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
__crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
strrchr
fwrite
fopen
remove
_errno
malloc
free
sprintf
memset
fclose
memcpy
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ