f778a9b4ae7faba9c4a991864f7d51c2[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f778a9b4ae7faba9c4a991864f7d51c2.bin
Size

17KB
MD5

cbd518e83984112f4e65b4e75d7229ca
SHA1

f019b3af579f018a4064235591d3d95e51c50de9
SHA256

5da14fc7b5b35b9e00a59badcd15c84339ad9adbecfe91c89f6c1ef4ccd9d137
SHA512

ebf0b1953febff55af7ca3f8075e8bf3d21d4437c9af6f83ceb9e678b444e5910e08ca2b54467be6e1724cc4eb54d5c27f61120fe780e53d89e218a7e5d5cc28
SSDEEP

384:Tft0VZfOF9ShN/o87KE5zDPAxHT1CVvxSecNzPBtbeEZg2WaS:Tl0VsuhNwPlT1kgeESHaS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9e741bbca30380dd6f62954ca9e1c9d2a6270e00c92ce11ff18956dfe0ff2f20.exe

Files

f778a9b4ae7faba9c4a991864f7d51c2.bin
.zip

Password: infected
9e741bbca30380dd6f62954ca9e1c9d2a6270e00c92ce11ff18956dfe0ff2f20.exe
.dll regsvr32 windows x64

Password: infected

b79c11cdf3e82702b3d0b272d133abea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrcatW
lstrcatA
Sleep
CreateThread
ExitProcess
HeapAlloc
GetLastError

user32

wsprintfW

advapi32

GetUserNameA

ole32

CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString

Exports

Exports

DllRegisterServer
EntryFunct

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ