e4e2779dcccc9834770a960d1e6d06fe[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

e4e2779dcccc9834770a960d1e6d06fe.bin
Size

237KB
MD5

7cc8a6f0722154f4d7b14a4f56d40697
SHA1

f808793a70b5dc841c42c18290c7acfc1c1cd5a5
SHA256

ecf5aa0209dd2026d45303cb0757dbec42079458b23305b6a17d9f62c3dca175
SHA512

bd1c158e4ed9960d27b2bfd9982b2f54178c9600786e7b07b90ea348c5c584d3269cf257554928bb02f81f3fb51998d22e1eb02beeef2d3f1ca1c7c767c9ee0c
SSDEEP

6144:6f4SlGT6UltmyM3J3Rr8V5uM2YsvsYm3vaBlFJC:sTANTmyru5Lm/WJC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e7c9c79948e5fca5447d4dde753f80ac4c7345361b9556aa0dfea061bdbbd94d.exe

Files

e4e2779dcccc9834770a960d1e6d06fe.bin
.zip

Password: infected
e7c9c79948e5fca5447d4dde753f80ac4c7345361b9556aa0dfea061bdbbd94d.exe
.exe windows x86

Password: infected

e9c458cdd2bf4d052566046ce5f2e6b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
SearchPathW
EnumCalendarInfoA
GetDriveTypeW
AllocConsole
GetProfileIntW
GetConsoleAliasExesLengthA
ReadConsoleA
InterlockedDecrement
GetProfileSectionA
SetVolumeMountPointW
GetSystemDefaultLCID
FreeEnvironmentStringsA
MoveFileWithProgressA
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
EnumTimeFormatsA
ActivateActCtx
GetPrivateProfileIntA
AddRefActCtx
LoadLibraryW
IsProcessInJob
GetCalendarInfoA
GetStringTypeExW
GetFileAttributesA
GetModuleFileNameW
CreateFileW
GetOverlappedResult
CompareStringW
GetVolumePathNameA
EnumSystemLocalesA
GetCurrentDirectoryW
SetLastError
GetProcAddress
HeapSize
MoveFileW
SetComputerNameA
GetTempFileNameA
SetFileApisToOEM
WriteConsoleA
LocalAlloc
RemoveDirectoryW
BeginUpdateResourceA
AddAtomA
FindNextFileA
FindFirstVolumeMountPointA
GetModuleHandleA
lstrcatW
FreeEnvironmentStringsW
WaitForDebugEvent
SetCalendarInfoA
SetThreadAffinityMask
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
DeleteAtom
DeleteFileA
InterlockedIncrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetStdHandle
GetModuleFileNameA
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
GetStringTypeW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleW
SetStdHandle

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e9c458cdd2bf4d052566046ce5f2e6b7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 106KB - Virtual size: 105KB

.data Size: 196KB - Virtual size: 2.7MB

.rsrc Size: 44KB - Virtual size: 43KB

.text
Size: 106KB - Virtual size: 105KB

.data
Size: 196KB - Virtual size: 2.7MB

.rsrc
Size: 44KB - Virtual size: 43KB