dd30198ea41d5015bbb55030481bee96[.]bin

Resubmissions

10/06/2023, 02:32

230610-c1gs6aea89 10

Sharing

Copy URL

Twitter E-mail

General

Target

dd30198ea41d5015bbb55030481bee96.bin
Size

151KB
MD5

7df144cf459380322cad6045f03c9bd7
SHA1

aaa99afdfbac718499e91c06d0b9cf33bcf910d8
SHA256

153f543e7aa3e1ecd1e64154684547c4c516454b410bbab1793907271cc18f37
SHA512

dc57be740653a16d6f4db122eb05d299aaf4999a5ef944aeb532337aea30dd0f8297de589179366b6f2a7d59bed25eb0b27717416f70e35fb67f719a6afd87c7
SSDEEP

3072:mvp0TsiVzUSv6JJC+JdSiwpJiQdPeQ+ui/4+JyRq3VWfrCBcpLp8RZwjj:gq4iJUSv6aT7iQdmQu/GrwRZC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/69ab392dfe42b299677871707364b4b59da9a4e466eda0065db4dc6da89f9321.exe

Files

dd30198ea41d5015bbb55030481bee96.bin
.zip

Password: infected
69ab392dfe42b299677871707364b4b59da9a4e466eda0065db4dc6da89f9321.exe
.exe windows x86

Password: infected

078c527316e58c8f8358ebd022c4bbdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasExesLengthA
InterlockedIncrement
SetMailslotInfo
GetLogicalDriveStringsW
WritePrivateProfileSectionA
CreateDirectoryW
FreeEnvironmentStringsA
GetModuleHandleW
GetTickCount
EnumCalendarInfoExW
WaitNamedPipeW
EnumTimeFormatsW
SetProcessPriorityBoost
GetSystemDirectoryW
GetPrivateProfileStructW
GetCalendarInfoA
GetProcessHandleCount
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
SetSystemPowerState
GetModuleFileNameW
CompareStringW
GetVolumePathNameA
GetShortPathNameA
EnumSystemLocalesA
GetPrivateProfileIntW
ConvertThreadToFiber
MoveFileW
SetComputerNameA
SearchPathA
OpenWaitableTimerA
LoadLibraryA
WriteConsoleA
InterlockedExchangeAdd
LocalAlloc
DeleteTimerQueue
MoveFileA
BuildCommDCBAndTimeoutsW
FindFirstVolumeMountPointW
IsSystemResumeAutomatic
AddAtomW
GetDiskFreeSpaceA
OpenJobObjectW
FindFirstVolumeMountPointA
EnumDateFormatsA
GetModuleHandleA
FindNextFileW
GetStringTypeW
GetConsoleTitleW
SetCalendarInfoA
SetThreadAffinityMask
SetFileShortNameA
FindAtomW
GetVolumeNameForVolumeMountPointW
DeleteFileW
AreFileApisANSI
GetDriveTypeW
GetProcAddress
CreateMutexW
CloseHandle
WriteConsoleW
GetLastError
HeapFree
DeleteFileA
WideCharToMultiByte
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
HeapAlloc
IsProcessorFeaturePresent
EncodePointer
DecodePointer
HeapCreate
EnterCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
RtlUnwind
LCMapStringW
MultiByteToWideChar
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
LoadLibraryW
HeapReAlloc
FlushFileBuffers
SetStdHandle
CreateFileW

gdi32

GetCharABCWidthsW
SelectObject

shell32

DuplicateIcon

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 40.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

078c527316e58c8f8358ebd022c4bbdf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

shell32

Sections

.text Size: 75KB - Virtual size: 75KB

.data Size: 78KB - Virtual size: 40.7MB

.rsrc Size: 122KB - Virtual size: 121KB

.text
Size: 75KB - Virtual size: 75KB

.data
Size: 78KB - Virtual size: 40.7MB

.rsrc
Size: 122KB - Virtual size: 121KB