38f000bacf037f9489db983e5e409da3[.]bin | Triage

Sharing

General

Target

38f000bacf037f9489db983e5e409da3.bin
Size

6.2MB
MD5

cd06d820f9dbdfe6ef0b797a218deb37
SHA1

2420543702361fda8e90bb61448953d2d2b6c2a7
SHA256

6dc871d7f10e6e2293833f8362c876010288c31f585bbc78179ac3151697988e
SHA512

7cc13075dd3abd0386c4ec4fd45743b6fcf0f9dedf1091c88b6398094e492c9d804be982b56a1ebb3f04fd15ad9d6a32956dceee0bc112e1118226095c75ab35
SSDEEP

196608:C0sSSwsuvL/jHH+WIdJ9lXb0YH4VfQtVAlGkth/:C0sVuzzZqTLp6EiGwh/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/b0b206e8239e1e93f5c3cbedb8a25b585d5f7d148524fbdbbfc8085cc26f1ca5.exe

Files

38f000bacf037f9489db983e5e409da3.bin
.zip

Password: infected
b0b206e8239e1e93f5c3cbedb8a25b585d5f7d148524fbdbbfc8085cc26f1ca5.exe
.exe windows x86

e02b276fa1385eca0c7dc7a4b0d621ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionEx
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA
CharUpperBuffW

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

.text
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ