1579be3d2f681ffd63a7b64af2ef22ac[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

1579be3d2f681ffd63a7b64af2ef22ac.bin
Size

210KB
MD5

7d5fc663ef2a7b0db5ceb85a499f2dde
SHA1

e542d99c201d3152d4366746a880b09dc634c4d6
SHA256

9647a4d508225c5eea5da34a210203d1e1f111e97eb703cbb3349bc1c30ba929
SHA512

b6e39cf194abdbfa45f93ba19341bca478afe4a7589d647cb02d4ae5fc05f0e7f75121182acb37072c0f5eef52b9696e16987858130d5f5a8c70d45e20fbdf9a
SSDEEP

6144:tOUVRvsk9rILVu1hgCpWUhUjCaW+3P74KkfoJM:tOUbtrxgCpBhH+T49

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7e5f90a23f501b938d12c14ccfb747fc8832ba25da231bb3608bcff7b0e29a2c.exe

Files

1579be3d2f681ffd63a7b64af2ef22ac.bin
.zip

Password: infected
7e5f90a23f501b938d12c14ccfb747fc8832ba25da231bb3608bcff7b0e29a2c.exe
.exe windows x86

Password: infected

770f7b0ac2b55bd6301ae3ba09608ebd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
OpenJobObjectA
WaitNamedPipeA
GetCurrentProcess
SetMailslotInfo
ZombifyActCtx
WritePrivateProfileSectionA
FreeEnvironmentStringsA
GetModuleHandleW
GetTickCount
SetFileTime
GetDriveTypeA
GlobalAlloc
GetSystemDirectoryW
LoadLibraryW
GetSystemPowerStatus
GetCalendarInfoA
GetConsoleAliasExesLengthW
LeaveCriticalSection
GetExitCodeProcess
GetFileAttributesW
GetVolumePathNameA
GetShortPathNameA
GetPrivateProfileIntW
DeleteFiber
GetLogicalDriveStringsA
GetProcAddress
AttachConsole
CreateMutexW
SetComputerNameA
SearchPathA
OpenThread
WriteConsoleA
InterlockedExchangeAdd
OpenWaitableTimerW
DeleteTimerQueue
MoveFileA
FindFirstVolumeMountPointW
AddAtomW
SetFileApisToANSI
BeginUpdateResourceA
GetDiskFreeSpaceA
GetPrivateProfileStructA
FindNextFileA
GetModuleHandleA
FreeEnvironmentStringsW
GetCurrentDirectoryA
CompareStringA
GetShortPathNameW
SetCalendarInfoA
SetThreadAffinityMask
SetFileShortNameA
GetWindowsDirectoryW
EnumCalendarInfoExA
EnumSystemLocalesW
DeleteFileA
SetProcessAffinityMask
MoveFileW
GetVolumeNameForVolumeMountPointA
GetLastError
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
HeapAlloc
IsProcessorFeaturePresent
EncodePointer
DecodePointer
HeapCreate
EnterCriticalSection
SetFilePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
ExitProcess
WriteFile
GetModuleFileNameW
GetModuleFileNameA
WideCharToMultiByte
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
CloseHandle
CreateFileW

gdi32

GetCharABCWidthsW
SelectPalette

winhttp

WinHttpGetProxyForUrl

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 630KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rurine
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

770f7b0ac2b55bd6301ae3ba09608ebd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

winhttp

Sections

.text Size: 81KB - Virtual size: 80KB

.data Size: 168KB - Virtual size: 630KB

.rurine Size: 6KB - Virtual size: 5KB

.rsrc Size: 19KB - Virtual size: 19KB

.text
Size: 81KB - Virtual size: 80KB

.data
Size: 168KB - Virtual size: 630KB

.rurine
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 19KB - Virtual size: 19KB