49bd552ef6ede8cd0d8844dd5c80db8b[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

49bd552ef6ede8cd0d8844dd5c80db8b.bin
Size

172KB
MD5

d7a197f0c4aedfca4a0667742e053357
SHA1

5afeab186c90040f3b1999b6daa3247e876db4fe
SHA256

212d2b0dc02378c64d46b070ee9b0b0d2770249ffc01481a1534ee6a8eea8892
SHA512

49dde5c23bb3c462346fe613b0793aa34892b7813caaba81ceb70c8d44089e90d8b578fac235486fac471f34f4ef5dad0a69242de5b51784b0d4dae66ae4826e
SSDEEP

3072:MQEXLNY9T7zpWbfsgkX56tRCu08IH/xWLlgdmgcapSt0LEJPRsu5RLoBK5zC5EZ:MQysTPYjdkXs08IH/xWLJgZpnLEJJTrX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ca47f0125b1ac75f9ac03bae0e548931a846997b466ffcea94a6983ad054e109.exe

Files

49bd552ef6ede8cd0d8844dd5c80db8b.bin
.zip

Password: infected
ca47f0125b1ac75f9ac03bae0e548931a846997b466ffcea94a6983ad054e109.exe
.exe windows x86

Password: infected

fec1eaf066374a71027605d8a122bd0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeNameForVolumeMountPointA
GlobalFix
CreateFileA
SetDefaultCommConfigA
SetLocaleInfoA
EnumCalendarInfoA
GetDriveTypeW
AllocConsole
InterlockedIncrement
SystemTimeToFileTime
GetProfileSectionA
GetUserDefaultLCID
GetModuleHandleW
GetTickCount
ReadConsoleW
TzSpecificLocalTimeToSystemTime
SetHandleCount
AllocateUserPhysicalPages
GlobalAlloc
GetPrivateProfileIntA
AddRefActCtx
SetFileShortNameW
LoadLibraryW
IsProcessInJob
GetCalendarInfoW
SetVolumeMountPointA
GetConsoleAliasExesLengthW
GetFileAttributesA
GetFileAttributesW
GetOverlappedResult
GetVolumePathNameA
GetStringTypeExA
GetProfileIntA
ReleaseActCtx
SetLastError
GetProcAddress
SetComputerNameA
SearchPathA
GetTempFileNameA
LoadLibraryA
WriteConsoleA
SetCalendarInfoW
MoveFileA
FindFirstVolumeMountPointW
RemoveDirectoryW
BeginUpdateResourceA
AddAtomA
GlobalWire
GetModuleFileNameA
FindNextFileA
lstrcatW
FreeEnvironmentStringsW
GetConsoleTitleW
GetCurrentDirectoryA
EnumDateFormatsW
CompareStringA
SetThreadAffinityMask
MoveFileWithProgressW
DebugBreak
EnumSystemLocalesW
AreFileApisANSI
DeleteFileA
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
HeapCreate
SetFilePointer
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapSize
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
GetLocaleInfoW
WriteFile
GetModuleFileNameW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleW
CloseHandle
CreateFileW

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

fec1eaf066374a71027605d8a122bd0e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 107KB - Virtual size: 107KB

.data Size: 109KB - Virtual size: 2.6MB

.rsrc Size: 112KB - Virtual size: 111KB

.text
Size: 107KB - Virtual size: 107KB

.data
Size: 109KB - Virtual size: 2.6MB

.rsrc
Size: 112KB - Virtual size: 111KB