cbe7a31a79c06c16565d085f24e348a2[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

cbe7a31a79c06c16565d085f24e348a2.bin
Size

680KB
MD5

80292008a362e04ae82e0564ff1f5c94
SHA1

6e449a7981345e4463dd352f20c10b51ee51ca50
SHA256

5b37bb318281ea8ef838fb9efd33e6630ba37b6c690a034c6654557e15874bde
SHA512

2a894d1ff47d7e9f68b6c5dc39543213df98128f7fb637ae707c0759c9ad0bdd45b8585a7b0d84fdd57167fa1f4303b719241114c9bd1a7e22a7a68b58548fd0
SSDEEP

12288:X65ruHxZwXyOLwS5p21WZhH701ymVRbSJi25Vd06atZVn5YzNFfXI6CJE/0Z:X65ruHx+COLb5p2gz41ymVREi27TaPVj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/44b358791fd570b307e9c032a8306f91ee2900bb8c4aa2ddadf7fdbca0edb23f.exe

Files

cbe7a31a79c06c16565d085f24e348a2.bin
.zip

Password: infected
44b358791fd570b307e9c032a8306f91ee2900bb8c4aa2ddadf7fdbca0edb23f.exe
.exe windows x86

Password: infected

ad1da3007d39bc21ababd35f90247ee4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AllocConsole
VirtualQuery
GetCommState
InterlockedDecrement
CreateJobObjectW
InterlockedCompareExchange
SetEvent
GetProcessPriorityBoost
GetModuleHandleW
GetConsoleTitleA
ReadConsoleW
GetWindowsDirectoryA
InitializeCriticalSection
GlobalAlloc
IsValidLocale
FatalAppExitW
IsBadCodePtr
GetSystemWindowsDirectoryA
GetVersionExW
GlobalFlags
FindNextVolumeW
GetConsoleAliasW
ReplaceFileW
IsDBCSLeadByte
CreateActCtxA
GetTempPathW
GetLocaleInfoA
GetLogicalDriveStringsA
OpenMutexW
GetLastError
SetLastError
GetProcAddress
AttachConsole
VirtualAlloc
GetTempFileNameA
LoadLibraryA
DnsHostnameToComputerNameA
CreateFileMappingW
OpenEventA
VirtualLock
GetTapeParameters
GetModuleFileNameA
GetDefaultCommConfigA
FindFirstVolumeMountPointA
GetModuleHandleA
GetConsoleTitleW
WaitForDebugEvent
ScrollConsoleScreenBufferA
_lopen
FindAtomW
AddConsoleAliasA
ReadConsoleOutputCharacterW
EnumCalendarInfoExA
GetConsoleAliasesLengthW
lstrlenA
GetDateFormatW
SetThreadContext
GetStringTypeExA
WideCharToMultiByte
InterlockedIncrement
InterlockedExchange
MultiByteToWideChar
Sleep
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetCPInfo
RtlUnwind
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
HeapCreate
VirtualFree
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
EnumSystemLocalesA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW

gdi32

GetCharABCWidthsFloatW
GetCharABCWidthsI
GetCharWidthA
EnumFontsA

Sections

.text
Size: 689KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ad1da3007d39bc21ababd35f90247ee4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

Sections

.text Size: 689KB - Virtual size: 688KB

.data Size: 8KB - Virtual size: 2.3MB

.rsrc Size: 91KB - Virtual size: 90KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 689KB - Virtual size: 688KB

.data
Size: 8KB - Virtual size: 2.3MB

.rsrc
Size: 91KB - Virtual size: 90KB

.reloc
Size: 15KB - Virtual size: 14KB