197ce53bd7b76bd72b59c3b129b5f17f[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

197ce53bd7b76bd72b59c3b129b5f17f.bin
Size

230KB
MD5

5a580f889edc0faa039ef8e962e8fc52
SHA1

5ff3148360d2eefb126e29ea29174eeb79fd4ea7
SHA256

b65f53d9fe7b9284361741cc51f135f5cde908698a48da8014ad7195bcd907b3
SHA512

df6f2be982025d80d937ded7326c4ea3ff531e9136f76eac95b01c70ca56f93598b2c1dfc4bff7dfc6746bc922a435f75445aa914aa9df5e0536914093117d8b
SSDEEP

6144:1J6E/RRzeEXz+BxvajsW4502Sj5xO72TahYOii2K1k4XEhzaO8:lTzgBxigWl5SqNzK2hzq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f7fdb0a5315e488f95a575ad3947efcd4455b54b5335afa7126fd37c67cae0f0.exe

Files

197ce53bd7b76bd72b59c3b129b5f17f.bin
.zip

Password: infected
f7fdb0a5315e488f95a575ad3947efcd4455b54b5335afa7126fd37c67cae0f0.exe
.exe windows x86

Password: infected

8de2fe168308519536adb42b2323eb66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ConvertThreadToFiber
InterlockedIncrement
InterlockedDecrement
WaitNamedPipeA
SetMailslotInfo
QueryDosDeviceA
SetComputerNameW
GetModuleHandleW
EnumTimeFormatsW
SetProcessPriorityBoost
GetPrivateProfileIntA
GetPrivateProfileStructW
GetSystemPowerStatus
GetCalendarInfoW
GetConsoleAliasExesLengthW
GetFileAttributesW
WriteConsoleW
GetModuleFileNameW
lstrcatA
CompareStringW
GetVolumePathNameA
GetShortPathNameA
GetProfileIntA
GetLastError
GetProcAddress
GetDriveTypeW
SearchPathA
ResetEvent
OpenWaitableTimerA
LoadLibraryA
GetProcessId
InterlockedExchangeAdd
LocalAlloc
SetCalendarInfoW
FindFirstVolumeMountPointW
AddAtomW
SetSystemTime
GlobalWire
FindNextFileA
EnumDateFormatsA
CreateIoCompletionPort
GetModuleHandleA
FreeEnvironmentStringsW
CreateMailslotA
EnumDateFormatsW
OpenSemaphoreW
TerminateJobObject
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
MoveFileWithProgressW
EnumCalendarInfoExA
EnumSystemLocalesW
AreFileApisANSI
GlobalDeleteAtom
AttachConsole
GlobalFix
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
HeapFree
HeapAlloc
DeleteFileA
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
HeapCreate
ExitProcess
WriteFile
GetStdHandle
SetFilePointer
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetModuleFileNameA
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetConsoleCP
GetConsoleMode
LoadLibraryW
SetStdHandle
FlushFileBuffers
CreateFileW
CloseHandle

gdi32

GetCharABCWidthsA
SelectObject

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 159KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

8de2fe168308519536adb42b2323eb66

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

Sections

.text Size: 91KB - Virtual size: 90KB

.data Size: 159KB - Virtual size: 2.7MB

.rsrc Size: 69KB - Virtual size: 68KB

.text
Size: 91KB - Virtual size: 90KB

.data
Size: 159KB - Virtual size: 2.7MB

.rsrc
Size: 69KB - Virtual size: 68KB