b7578171f9622fe509960bbd05214a6c[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

b7578171f9622fe509960bbd05214a6c.bin
Size

147KB
MD5

4cb0538b75360c884bd09eac2e32301e
SHA1

ed5f55c55c9cff7b5ac668251e73fd8beadf42ae
SHA256

7c9b70a2a5a2973c187221d35d93ab7b02c0328e889e5542edd1774f893afa5f
SHA512

afc9385461f3a24ee2f3c0c3760a7a38333b6cdd52836815de16675f9c649b47ef161fee8f990171a5edac8f88e2a3c067b503d2112deecd937479185254544f
SSDEEP

3072:O66TfbEUJLbbYzRZEF7qxh+F+UOOJYj1yuvVgNtxrBcd4B/qP6:efbEUJXbYzgFV+uQvdg7x9c406

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/c2a2a609fd72d55c11f810577c29c7d85f92da64ac1594420fc32eb2f5a5ddb4.exe

Files

b7578171f9622fe509960bbd05214a6c.bin
.zip

Password: infected
c2a2a609fd72d55c11f810577c29c7d85f92da64ac1594420fc32eb2f5a5ddb4.exe
.exe windows x86

Password: infected

8de2fe168308519536adb42b2323eb66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ConvertThreadToFiber
InterlockedIncrement
InterlockedDecrement
WaitNamedPipeA
SetMailslotInfo
QueryDosDeviceA
SetComputerNameW
GetModuleHandleW
EnumTimeFormatsW
SetProcessPriorityBoost
GetPrivateProfileIntA
GetPrivateProfileStructW
GetSystemPowerStatus
GetCalendarInfoW
GetConsoleAliasExesLengthW
GetFileAttributesW
WriteConsoleW
GetModuleFileNameW
lstrcatA
CompareStringW
GetVolumePathNameA
GetShortPathNameA
GetProfileIntA
GetLastError
GetProcAddress
GetDriveTypeW
SearchPathA
ResetEvent
OpenWaitableTimerA
LoadLibraryA
GetProcessId
InterlockedExchangeAdd
LocalAlloc
SetCalendarInfoW
FindFirstVolumeMountPointW
AddAtomW
SetSystemTime
GlobalWire
FindNextFileA
EnumDateFormatsA
CreateIoCompletionPort
GetModuleHandleA
FreeEnvironmentStringsW
CreateMailslotA
EnumDateFormatsW
OpenSemaphoreW
TerminateJobObject
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
MoveFileWithProgressW
EnumCalendarInfoExA
EnumSystemLocalesW
AreFileApisANSI
GlobalDeleteAtom
AttachConsole
GlobalFix
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
HeapFree
HeapAlloc
DeleteFileA
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
HeapCreate
ExitProcess
WriteFile
GetStdHandle
SetFilePointer
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetModuleFileNameA
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetConsoleCP
GetConsoleMode
LoadLibraryW
SetStdHandle
FlushFileBuffers
CreateFileW
CloseHandle

gdi32

GetCharABCWidthsA
SelectObject

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

8de2fe168308519536adb42b2323eb66

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

Sections

.text Size: 91KB - Virtual size: 90KB

.data Size: 77KB - Virtual size: 2.6MB

.rsrc Size: 69KB - Virtual size: 68KB

.text
Size: 91KB - Virtual size: 90KB

.data
Size: 77KB - Virtual size: 2.6MB

.rsrc
Size: 69KB - Virtual size: 68KB