a675d6bb8cdf49c5f69a3a0c839c8fd0[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

a675d6bb8cdf49c5f69a3a0c839c8fd0.bin
Size

217KB
MD5

e521a5c821e4c9cfd06683ee4d74fbb6
SHA1

3e9f9fa151e7831cf92453c3d00bd6495b710b31
SHA256

41861eae398cba4cc601c848d8c9dbf689a83d62f9a87b1e42227d3bdfe1991d
SHA512

73017f3cce24de423639b6a1022405968e263b37516f595ef98d7ae96795f1f94e1a88c1544de6ff2c477e6befa4939b9b638beb663db31271c0e87085802ce5
SSDEEP

6144:jSv2dBpajYEQBzxu42pXBiXuQukET+bcIpRoomCB:jqa3tEQBzWXBkuQlO+bcIo/i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0c6e0acad7be001bce1e5c69661a79c775057f8276871bd362a69d03edb5d502.exe

Files

a675d6bb8cdf49c5f69a3a0c839c8fd0.bin
.zip

Password: infected
0c6e0acad7be001bce1e5c69661a79c775057f8276871bd362a69d03edb5d502.exe
.exe windows x86

Password: infected

a893cdef2037cf7fbfb751a55d5016a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
GetNumberOfConsoleInputEvents
GetNumberOfConsoleMouseButtons
GetLogicalDriveStringsW
WaitForSingleObject
InterlockedCompareExchange
AddConsoleAliasW
GetModuleHandleW
GetTickCount
GetCurrentThread
GenerateConsoleCtrlEvent
GetConsoleAliasesA
GetConsoleAliasesLengthA
ReadConsoleW
GetConsoleAliasExesW
SetCommTimeouts
GetPriorityClass
FindResourceExA
GlobalAlloc
LoadLibraryW
FreeConsole
GetCalendarInfoA
GetVersionExW
GlobalFlags
WritePrivateProfileStructW
CreateMutexW
GetModuleFileNameW
CreateActCtxA
GetACP
DeactivateActCtx
OpenMutexW
GetLastError
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
VirtualAlloc
LocalLock
LoadLibraryA
WriteConsoleA
GetNumberFormatW
GetCurrentConsoleFont
FindAtomA
GetModuleFileNameA
FindFirstVolumeMountPointA
OpenFileMappingW
RequestWakeupLatency
VirtualProtect
WaitForDebugEvent
CommConfigDialogW
CloseHandle
CreateTimerQueue
FindNextVolumeW
GetDateFormatW
CreateFileA
HeapAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
WideCharToMultiByte
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualFree
HeapReAlloc
HeapCreate
Sleep
ExitProcess
WriteFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

user32

CharUpperBuffW
LoadMenuW
GetCaretPos

advapi32

MapGenericMask
ReportEventA

winhttp

WinHttpCheckPlatform

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a893cdef2037cf7fbfb751a55d5016a8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

winhttp

Sections

.text Size: 210KB - Virtual size: 210KB

.data Size: 14KB - Virtual size: 2.7MB

.rsrc Size: 56KB - Virtual size: 55KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 210KB - Virtual size: 210KB

.data
Size: 14KB - Virtual size: 2.7MB

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 13KB - Virtual size: 13KB