Static task
static1
Behavioral task
behavioral1
Sample
bae1b67a9523966105eb93ad67f1e66380e90afd01baa355373a51c7528eb312.exe
Resource
win7-20230220-en
General
Target
e1a81c5b7d45b762441f124b6b86dde1.bin
Size
216KB
MD5
2c7b95dafcc42b999c0e051ef0073c25
SHA1
e245c2ec5d208f1e2e95dc1b0edc7f122c1f677a
SHA256
aba2bfaa9c9f092eecd0a33946b31107f82f00dffebad07947b29fccdd637c92
SHA512
63138c49fea807683f5f259afe40901cf6171104325fc40d97f85e7df27ce43ff719e5f8fa7bd18c27587440b2abc8e66d10db119b11f3ce5867f4aa97ebcc40
SSDEEP
6144:QpcziwSPFDDBxwH1T4yP4SWDlgj50A/iVYSgZ:QqBS9fPMT4yP4fc00io
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/bae1b67a9523966105eb93ad67f1e66380e90afd01baa355373a51c7528eb312.exe
Files
e1a81c5b7d45b762441f124b6b86dde1.bin.zip
Password: infected
bae1b67a9523966105eb93ad67f1e66380e90afd01baa355373a51c7528eb312.exe.exe windows x86
Password: infected
8e5804e6c31537cee19ea70382b7cc44
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLocaleInfoA
GetNumberOfConsoleInputEvents
GetNumberOfConsoleMouseButtons
GetLogicalDriveStringsW
WaitForSingleObject
InterlockedCompareExchange
AddConsoleAliasW
GetModuleHandleW
GetTickCount
GetCurrentThread
GenerateConsoleCtrlEvent
GetConsoleAliasesA
GetConsoleAliasesLengthA
ReadConsoleW
GetConsoleAliasExesW
SetCommTimeouts
GetPriorityClass
FindResourceExA
GlobalAlloc
LoadLibraryW
FreeConsole
GetCalendarInfoA
GetVersionExW
GlobalFlags
WritePrivateProfileStructW
CreateMutexW
GetModuleFileNameW
CreateActCtxA
GetACP
DeactivateActCtx
OpenMutexW
GetLastError
GetCurrentDirectoryW
ReadConsoleOutputCharacterA
GetProcAddress
VirtualAlloc
LocalLock
LoadLibraryA
WriteConsoleA
GetNumberFormatW
GetCurrentConsoleFont
FindAtomA
GetModuleFileNameA
FindFirstVolumeMountPointA
OpenFileMappingW
RequestWakeupLatency
VirtualProtect
WaitForDebugEvent
CommConfigDialogW
CreateFileA
CloseHandle
CreateTimerQueue
FindNextVolumeW
GetDateFormatW
WriteConsoleW
HeapAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
HeapReAlloc
HeapCreate
Sleep
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetStdHandle
GetConsoleOutputCP
user32
CharUpperBuffW
LoadMenuW
GetCaretPos
advapi32
MapGenericMask
ReportEventA
winhttp
WinHttpCheckPlatform
Sections
.text Size: 209KB - Virtual size: 208KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ