bfc1b0937414bddb5c550328d5b838c5505f94c0ef1b086c1df78aa98e7fa317[.]bin

General

Target

bfc1b0937414bddb5c550328d5b838c5505f94c0ef1b086c1df78aa98e7fa317.bin
Size

255KB
MD5

f0aff4ca555fe70f4a8d753df7dc1206
SHA1

dc2b377d4418a64bc32b672a45c0f2147fd7e035
SHA256

bfc1b0937414bddb5c550328d5b838c5505f94c0ef1b086c1df78aa98e7fa317
SHA512

c0b81047cb0a60c3b14cd196cc2584da89b622df2fcea86f2b76b814b41dabe6eefa0e5381025871ffb9d25825eba245213cb4dcc5ce8e67782e2e81aca870b1
SSDEEP

6144:E09aJ1km28rZrhRgx3juebQKymBj1gAh35S2nrL9XE3XP:EtJu/cFejueMUp13hpS2nNQXP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/889a71d665a1a9b23874126642b48bd14b7e2120c35a66ac4f93723fcd1df1af

Files

bfc1b0937414bddb5c550328d5b838c5505f94c0ef1b086c1df78aa98e7fa317.bin
.7z

Password: infected
889a71d665a1a9b23874126642b48bd14b7e2120c35a66ac4f93723fcd1df1af
.exe windows x86

563351db567938408193f47fa02c26d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsW
SetVolumeMountPointW
GetConsoleAliasesA
WideCharToMultiByte
LoadLibraryW
LeaveCriticalSection
HeapValidate
WriteConsoleW
ReplaceFileW
GetAtomNameW
ExitThread
LCMapStringA
GetPrivateProfileIntW
GetLastError
GetProcAddress
GetDefaultCommConfigW
SetStdHandle
LoadLibraryA
LocalAlloc
SetCalendarInfoW
WriteProfileSectionW
GetModuleFileNameA
FindFirstChangeNotificationA
EnumResourceNamesA
GetConsoleTitleW
LocalFree
VirtualAlloc
SetFilePointer
GetStartupInfoW
HeapAlloc
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapFree
CloseHandle
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetCommandLineW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleHandleA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
HeapSize
CreateFileA

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

563351db567938408193f47fa02c26d1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 320KB - Virtual size: 319KB

.data Size: 25KB - Virtual size: 2.1MB

.rsrc Size: 27KB - Virtual size: 27KB

.text
Size: 320KB - Virtual size: 319KB

.data
Size: 25KB - Virtual size: 2.1MB

.rsrc
Size: 27KB - Virtual size: 27KB