d6791f5166582e12c4e6d535de8fa13a[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

d6791f5166582e12c4e6d535de8fa13a.bin
Size

276KB
MD5

691172e4d07257d8a8d0500016684e65
SHA1

311e2ee8a3dd39b147e422590699b3268ea60655
SHA256

ba6d5fdea15b75bf3be3c349b436a76ccf63e14a1bab58db0302914a86e1d757
SHA512

7dd3399c42c7fc196c10e9b5004b66da9bcc0b72c5099d8f4817fc3966329ac18af9e91ef0bfdacba66e59864c2a89d7ca8194be0eab0f8a6b6058a3ce479286
SSDEEP

6144:U3X5K3iG4xNbHb7NAgCeRT/7n/I4CAgdfxaXQ7CwAr501JoD:U39GetseV/PvsgQ7UrG6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bc929e2f5df5f8c123524a3d423a7ac3463e952e92a0fb24e293d415ffab7f32.exe

Files

d6791f5166582e12c4e6d535de8fa13a.bin
.zip

Password: infected
bc929e2f5df5f8c123524a3d423a7ac3463e952e92a0fb24e293d415ffab7f32.exe
.exe windows x86

Password: infected

8e1291b1baddb8fcca0899ad3cc587e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
GetDriveTypeW
GetConsoleAliasExesLengthA
BuildCommDCBAndTimeoutsA
EnumCalendarInfoW
GetCommState
InterlockedDecrement
GetNamedPipeHandleStateA
GetModuleHandleW
GetTickCount
SetProcessPriorityBoost
GetEnvironmentStrings
LoadLibraryW
InterlockedPopEntrySList
GetFileAttributesA
SetConsoleMode
GetFileAttributesW
lstrcatA
GetOverlappedResult
GetVolumePathNameA
FindNextVolumeMountPointW
SetTapePosition
GetStringTypeExA
EnumSystemLocalesA
GetPrivateProfileIntW
GlobalUnfix
ReleaseActCtx
GetStdHandle
GetLastError
GetProcAddress
BeginUpdateResourceW
CreateJobSet
SetComputerNameA
WriteConsoleA
UnhandledExceptionFilter
GetConsoleScreenBufferInfo
LocalAlloc
RemoveDirectoryW
SetThreadIdealProcessor
GetModuleFileNameA
FindNextFileA
EnumDateFormatsA
CreateMutexA
FreeEnvironmentStringsW
GetConsoleTitleW
SetCalendarInfoA
SetFileShortNameA
TerminateJobObject
FindAtomW
GetVolumeNameForVolumeMountPointW
DeleteFileW
DebugBreak
SetFilePointer
WriteConsoleW
FlushFileBuffers
WideCharToMultiByte
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
DeleteFileA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
HeapCreate
ExitProcess
WriteFile
GetModuleFileNameW
HeapSize
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
CloseHandle
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
CreateFileW

user32

GetMenu
DefDlgProcW

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 213KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zulefac
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

8e1291b1baddb8fcca0899ad3cc587e8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 97KB - Virtual size: 97KB

.data Size: 213KB - Virtual size: 3.8MB

.zulefac Size: 94KB - Virtual size: 93KB

.rsrc Size: 60KB - Virtual size: 59KB

.text
Size: 97KB - Virtual size: 97KB

.data
Size: 213KB - Virtual size: 3.8MB

.zulefac
Size: 94KB - Virtual size: 93KB

.rsrc
Size: 60KB - Virtual size: 59KB