05aa77273fbe5efb245560f519cddded[.]bin[.]bin | Triage

Sharing

General

Target

05aa77273fbe5efb245560f519cddded.bin.bin
Size

98KB
MD5

1fa6519caf85f37263c87585948ff349
SHA1

a36a27345c89f767de904f70ad7e87c1a6804b4c
SHA256

2134b6ec8c8c2be521cc27f829608d56a4bf79857484d58da98dfd886782f196
SHA512

705e59fed91e2e3df2d5dcc06b53f69b74a11a4079d160bc193f35afb5c747cc9d07d502f2fe758505bbd21ce3b4a05175a335323cbceb658d415b430dfb2b6c
SSDEEP

3072:nIToefDV5RkyfYwpnbyPe7XWxu8Hr/J3R0:nIToef55yorby+XWxFa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/f3b60b9fb81de5df1dad130e2f384654f4cfc532bfe38f9719b6e43647334dc4.exe

Files

05aa77273fbe5efb245560f519cddded.bin.bin
.zip

Password: infected
f3b60b9fb81de5df1dad130e2f384654f4cfc532bfe38f9719b6e43647334dc4.exe
.exe windows x86

65bf5cfe10d8c98f9683c9cde4453332

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
CloseHandle
DeleteFileA
DeleteFileA
GetModuleHandleW
GetProcessHeap
GetConsoleTitleA
CreateDirectoryA
CreateFileMappingW
GetStringTypeW
DeleteFileA
HeapCreate
SetEnvironmentVariableA
SetCurrentDirectoryA
GetModuleHandleA
GetStdHandle
GetStringTypeW
GetLastError
HeapFree
GetShortPathNameW
GetProcessHeap
GetVersion
GetExitCodeProcess

mstscax

DllUnregisterServer
DllCanUnloadNow
DllRegisterServer
DllGetTscCtlVer

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dataz
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rs
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ