0efde890555f0867090e7876e655dd26[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

0efde890555f0867090e7876e655dd26.bin
Size

180KB
MD5

9f28dbc54e686fc2cd5e67aa227279b5
SHA1

caf5ef579d86f2ffad1df098f17436149951c593
SHA256

e9ffead47d5b620745c84d6e1a7cc65ebbbe93d19ca63569b60a521f857fc90d
SHA512

361e8fa1fa7210d1497d293d8956ad14870a1b37185ebd56de97a54d1669775f1ae8fa6a93e841ee97c413b52b021a786b957cf0a2315d61929a634e130ca235
SSDEEP

3072:zoFNpux3HMWJq97V7P1Suvv++fBGOskwG4Cxs0NysbtvTCrHJ5g89iIiIvzpk7mE:zoxulsWJqpFjvtKkwG4Cx3tvuroSAmjI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fec510e1c703913976155e5ee0a0e8b99f0320f626485b4e36ebdc4d61009c93.exe

Files

0efde890555f0867090e7876e655dd26.bin
.zip

Password: infected
fec510e1c703913976155e5ee0a0e8b99f0320f626485b4e36ebdc4d61009c93.exe
.exe windows x86

Password: infected

ad1da3007d39bc21ababd35f90247ee4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AllocConsole
VirtualQuery
GetCommState
InterlockedDecrement
CreateJobObjectW
InterlockedCompareExchange
SetEvent
GetProcessPriorityBoost
GetModuleHandleW
GetConsoleTitleA
ReadConsoleW
GetWindowsDirectoryA
InitializeCriticalSection
GlobalAlloc
IsValidLocale
FatalAppExitW
IsBadCodePtr
GetSystemWindowsDirectoryA
GetVersionExW
GlobalFlags
FindNextVolumeW
GetConsoleAliasW
ReplaceFileW
IsDBCSLeadByte
CreateActCtxA
GetTempPathW
GetLocaleInfoA
GetLogicalDriveStringsA
OpenMutexW
GetLastError
SetLastError
GetProcAddress
AttachConsole
VirtualAlloc
GetTempFileNameA
LoadLibraryA
DnsHostnameToComputerNameA
CreateFileMappingW
OpenEventA
VirtualLock
GetTapeParameters
GetModuleFileNameA
GetDefaultCommConfigA
FindFirstVolumeMountPointA
GetModuleHandleA
GetConsoleTitleW
WaitForDebugEvent
ScrollConsoleScreenBufferA
_lopen
FindAtomW
AddConsoleAliasA
ReadConsoleOutputCharacterW
EnumCalendarInfoExA
GetConsoleAliasesLengthW
lstrlenA
GetDateFormatW
SetThreadContext
GetStringTypeExA
WideCharToMultiByte
InterlockedIncrement
InterlockedExchange
MultiByteToWideChar
Sleep
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetCPInfo
RtlUnwind
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
HeapCreate
VirtualFree
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
EnumSystemLocalesA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW

gdi32

GetCharABCWidthsFloatW
GetCharABCWidthsI
GetCharWidthA
EnumFontsA

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ad1da3007d39bc21ababd35f90247ee4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

Sections

.text Size: 190KB - Virtual size: 189KB

.data Size: 8KB - Virtual size: 2.3MB

.rsrc Size: 91KB - Virtual size: 90KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 190KB - Virtual size: 189KB

.data
Size: 8KB - Virtual size: 2.3MB

.rsrc
Size: 91KB - Virtual size: 90KB

.reloc
Size: 14KB - Virtual size: 13KB