956d79812c98bbb5f5ba609cba79d5ee[.]bin | Triage

Sharing

General

Target

956d79812c98bbb5f5ba609cba79d5ee.bin
Size

361KB
MD5

5ed0dad171e3f93055a0a5828514b69f
SHA1

e929bd951ecdd887c10a702a4747176f88d73613
SHA256

46d2e1522fa7aa354924d7c94355eee6dcec707c4aaefeac3883faaf27a99341
SHA512

deadb889e32e4a192ed415151fbf91aac3e9db1796bb5c0502fd8b6a5c60862d640870023c76b95f9544b0537ce646590c60a971586e452392b4306a15eec1cb
SSDEEP

6144:GCzShWZNef/roNAM+7RU2sx3e4of5K8HGC3texyj5lg6P9vqkzKaSydCwh:jGhWZ8/r4AVRUrVeLBK8mwtewj5lgyzh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cda1ea0f3ee3f632981cad049258b5054acce691b98ceba725c14c6d9ff02077.exe

Files

956d79812c98bbb5f5ba609cba79d5ee.bin
.zip

Password: infected
cda1ea0f3ee3f632981cad049258b5054acce691b98ceba725c14c6d9ff02077.exe
.exe windows x86

Password: infected

518b2345d494b1e80417ecf496968b80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
CreateFileW
FlushFileBuffers
GetFileInformationByHandle
SetFileValidData
DisconnectNamedPipe
HeapCreate
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateMutexW
CreateEventW
WaitForMultipleObjects
DisableThreadLibraryCalls
GetModuleHandleA
ConvertFiberToThread
DeleteAtom
GetCommMask
EraseTape
AddAtomW
FindAtomW
GetAtomNameW

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 734B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 421KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ