15e71e7bd654ec7edfcf79f2b780e4ab[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

15e71e7bd654ec7edfcf79f2b780e4ab.bin
Size

220KB
MD5

bf9fb8dea07f0a52b548130022d3d451
SHA1

d9602dc6cb1f12537db8ef26f714b66f3c210c9a
SHA256

01645b0754146d38b9167529f3dbf0d78977874a3209f4e2fef001568cea8f02
SHA512

b2a633b2593ccbf8577957dd736c70fcdb3dffeb3a5af835c2d2ab471f155835fe3df1bb535de72e30fe005613072c3339e3a96658e05ec94ba51f170ffdbff5
SSDEEP

6144:CU44FUpPCSWaZw4pkrDLBigIIklkoMZYp8cYFPy:CU44FUCSWr4pGDLZI9kxFPy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/719ddc41a6854c119889e51948cc5a3ce275e136a5f4cccfd3f1af5096ad4838.exe

Files

15e71e7bd654ec7edfcf79f2b780e4ab.bin
.zip

Password: infected
719ddc41a6854c119889e51948cc5a3ce275e136a5f4cccfd3f1af5096ad4838.exe
.exe windows x86

Password: infected

73d4962fbae1e4c40152701417afb0c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ConvertThreadToFiber
GetConsoleAliasExesLengthA
InterlockedIncrement
OpenJobObjectA
InterlockedDecrement
SetMailslotInfo
GetLogicalDriveStringsW
FreeEnvironmentStringsA
GetTickCount
EnumCalendarInfoExW
WaitNamedPipeW
GetDriveTypeA
GetVolumePathNameW
GetSystemDirectoryW
SetFileShortNameW
LoadLibraryW
GetPrivateProfileStructW
GetCalendarInfoA
LeaveCriticalSection
GetFileAttributesA
GetExitCodeProcess
GetFileAttributesW
WriteConsoleW
SetSystemPowerState
WritePrivateProfileSectionW
CompareStringW
CreateMutexW
GetPrivateProfileIntW
GetCurrentDirectoryW
GetProcAddress
AttachConsole
SetComputerNameA
SearchPathA
OpenThread
InterlockedExchangeAdd
OpenWaitableTimerW
LocalAlloc
SetCalendarInfoW
MoveFileA
FindFirstVolumeMountPointW
AddAtomW
SetFileApisToANSI
GetDiskFreeSpaceA
GetModuleHandleA
CancelTimerQueueTimer
FreeEnvironmentStringsW
FindNextFileW
GetStringTypeW
EnumDateFormatsW
SetThreadAffinityMask
DeleteFileW
GetCurrentProcessId
EnumSystemLocalesW
SetProcessAffinityMask
GetShortPathNameA
GetVolumeNameForVolumeMountPointA
GetLastError
HeapFree
DeleteFileA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
HeapAlloc
IsProcessorFeaturePresent
EncodePointer
DecodePointer
HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
EnterCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
GetModuleHandleW
ExitProcess
WriteFile
GetModuleFileNameW
GetModuleFileNameA
WideCharToMultiByte
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
RtlUnwind
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
LCMapStringW
CloseHandle
CreateFileW

gdi32

GetCharABCWidthsW
SelectObject

shell32

DuplicateIcon

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 622KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

73d4962fbae1e4c40152701417afb0c7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

shell32

Sections

.text Size: 80KB - Virtual size: 80KB

.data Size: 160KB - Virtual size: 622KB

.rsrc Size: 83KB - Virtual size: 82KB

.text
Size: 80KB - Virtual size: 80KB

.data
Size: 160KB - Virtual size: 622KB

.rsrc
Size: 83KB - Virtual size: 82KB