539a444f8dff3d9719e36fd9db31b799[.]bin | Triage

Sharing

General

Target

539a444f8dff3d9719e36fd9db31b799.bin
Size

3.4MB
MD5

35a7b4521dae347ecd9c7da76b4e2748
SHA1

48555b32234c8146a060807e3e2bdc92b78750c5
SHA256

f29d7fe98b8cf7ace554d7a26136ee4504e4634e86336d9225086132774c8238
SHA512

26199c69256a79887abcdf5554457de659e29220a0cf22e223d728b2e5a38d03719826287828097d47135f4458283940f3bafc0f9536849de3c724b4753f8a68
SSDEEP

49152:v5IboYfA30GfXhdR+WsoB510QySEoLt5JBM7OdO9ohIcfdSBIcgTEQd:v52Y30ChL+/av0QJ5dd4oaOdCIcEEQd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2c5c3ba7eba30cc358b40d494fda79d9d2a6df152bdb7eb1aceb36f3fbcf60c3.exe

Files

539a444f8dff3d9719e36fd9db31b799.bin
.zip

Password: infected
2c5c3ba7eba30cc358b40d494fda79d9d2a6df152bdb7eb1aceb36f3fbcf60c3.exe
.exe windows x64

Password: infected

79b3362178937bf9559741c46bb9e035

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

Sections

.MPRESS1
Size: 3.2MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE