fb889bafcc6f226f1e7bfbaec1ae856a[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

fb889bafcc6f226f1e7bfbaec1ae856a.bin
Size

290KB
MD5

69b243b3e97984f70092f133b2e83a9f
SHA1

6f7ffe93e7b04fe1f7e30f9d63ec02f56d8da271
SHA256

76a3eb6b54859153be147a8d1dcf78992b9f770d9348ed23071685a626b578e8
SHA512

07600bc2690a55fc84f8ebe7f8c1b9f5fb10ecc6b7c3be5013ffadefbd145fd5f7194e690c973327440bf3dbba85616050c1701238bfa3fec403c3413978ac95
SSDEEP

6144:u0JH5/9+1UaBjsTyvhdTpIpO61X7Hy0GstzzKZpiqVmYersMtQFMnWWJNT:ukkToehdTO97Hy0GsxzKZpEAMtAMWsT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6e6061cd2d846e6be7058e35b0dab7f0513038a410a367be304e2e71c0bfb427.exe

Files

fb889bafcc6f226f1e7bfbaec1ae856a.bin
.zip

Password: infected
6e6061cd2d846e6be7058e35b0dab7f0513038a410a367be304e2e71c0bfb427.exe
.exe windows x86

Password: infected

6847c4a23533c8db62ddf8eb8d214ba0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeNameForVolumeMountPointA
GlobalFix
CreateFileA
SetDefaultCommConfigA
GetDriveTypeW
AllocConsole
InterlockedIncrement
SystemTimeToFileTime
EnumCalendarInfoW
GetProfileSectionA
GetUserDefaultLCID
MoveFileWithProgressA
GetModuleHandleW
GetTickCount
ReadConsoleW
TzSpecificLocalTimeToSystemTime
SetHandleCount
AllocateUserPhysicalPages
GlobalAlloc
GetPrivateProfileIntA
AddRefActCtx
SetFileShortNameW
LoadLibraryW
IsProcessInJob
GetCalendarInfoW
SetVolumeMountPointA
GetConsoleAliasExesLengthW
GetFileAttributesA
GetFileAttributesW
GetOverlappedResult
GetVolumePathNameA
GetStringTypeExA
GetProfileIntA
ReleaseActCtx
SetLastError
GetProcAddress
SetComputerNameA
SearchPathA
GetTempFileNameA
LoadLibraryA
WriteConsoleA
MoveFileA
FindFirstVolumeMountPointW
RemoveDirectoryW
BeginUpdateResourceA
AddAtomA
GlobalWire
GetModuleFileNameA
FindNextFileA
SetLocaleInfoW
lstrcatW
FreeEnvironmentStringsW
GetConsoleTitleW
GetCurrentDirectoryA
EnumDateFormatsW
CompareStringA
SetCalendarInfoA
SetThreadAffinityMask
DeleteFileW
DebugBreak
EnumSystemLocalesW
AreFileApisANSI
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
DeleteFileA
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
HeapCreate
HeapSize
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
WriteFile
GetStdHandle
GetModuleFileNameW
GetEnvironmentStringsW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleW
SetStdHandle
CreateFileW

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 227KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

6847c4a23533c8db62ddf8eb8d214ba0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 107KB - Virtual size: 106KB

.data Size: 227KB - Virtual size: 2.7MB

.rsrc Size: 112KB - Virtual size: 111KB

.text
Size: 107KB - Virtual size: 106KB

.data
Size: 227KB - Virtual size: 2.7MB

.rsrc
Size: 112KB - Virtual size: 111KB