f6536f7fe9feef17adc493638395555b[.]bin | Triage

Sharing

General

Target

f6536f7fe9feef17adc493638395555b.bin
Size

46KB
MD5

ce8f0c41a6e4685d12d547ea55359ec0
SHA1

6e7e3beeba57701d69f805fb5843cb5ecb91beef
SHA256

9a77a4a3ce18eb96cc266f0a7a41528c71a8b6aaf8bd11217b1df2baad16a2ff
SHA512

48bdbfb0c6e107933ec3167e934ddf76985ed426212d1c025602e06f7a43f7bfb0510d2d2dcefe643657af78e190f8968e0e4f5e2be368768eda4f2de514674f
SSDEEP

768:tPWawj6Z6AQx4PBbH2+uxVxqK3qaPpXHwqBq3DhDP/KJB7MI+Zh4s5yrlWREH5vK:RWBj6EYBbbKqK6qXHdw3DVSNMI+Zhh5X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/16f0f3dac1f5860d2d6ed940a3c20c070e22a913a847d7b0be0aa2e18181d599.exe

Files

f6536f7fe9feef17adc493638395555b.bin
.zip

Password: infected
16f0f3dac1f5860d2d6ed940a3c20c070e22a913a847d7b0be0aa2e18181d599.exe
.exe windows x86

Password: infected

1487c4c5076ffe9457791bd5690f2a3e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memmove
_CIasin
_CIatan2
memcpy
strncpy
strlen

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
LoadLibraryA
GetProcAddress
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteFile
HeapFree
ReadFile
HeapReAlloc
HeapAlloc

Sections

.code
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ