504b25530576f9f1877c64c7a0abf1fb[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

504b25530576f9f1877c64c7a0abf1fb.bin
Size

136KB
MD5

cf738366b2f9d6a047070df7c114027d
SHA1

a235c8b9b7814865da8834de2df78aa1b16fb9c3
SHA256

d8c1a91706068da60cbc32150d9f0249620e2b783218d20105caf5ea709b8ae2
SHA512

294d6f33698b7f965e4076d6a2af060ff3f335d3f2761496080c32207079a2b08f3057d9445a3b399fd3fa18d9bb0db1bcdacf65ccdc6a006014fe3e8b8fb09b
SSDEEP

3072:SoPxcLmshB593I1lNuPl/Kn2/fGlcGmbb7Ul3oAuvsZLd:fTs3YjNuPFK20S7YojsZ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/32baad0c616cbbb5bc145a6d746bed7f77c5131b0cc29b780cd8384816b78d23.exe

Files

504b25530576f9f1877c64c7a0abf1fb.bin
.zip

Password: infected
32baad0c616cbbb5bc145a6d746bed7f77c5131b0cc29b780cd8384816b78d23.exe
.exe windows x86

Password: infected

a5471e9b5a4d51109b645937067bcab0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ConvertThreadToFiber
GetConsoleAliasExesLengthA
InterlockedIncrement
InterlockedDecrement
WaitNamedPipeA
GetCurrentProcess
SetMailslotInfo
ZombifyActCtx
GetModuleHandleW
GetTickCount
SetFileTime
EnumTimeFormatsW
GlobalAlloc
GetSystemDirectoryW
SetFileShortNameW
GetSystemPowerStatus
FreeConsole
GetCalendarInfoA
GetFileAttributesA
SetSystemPowerState
GetVolumePathNameA
GetShortPathNameA
EnumSystemLocalesA
GetProcAddress
MoveFileW
SetProcessAffinityMask
EnterCriticalSection
SearchPathA
LoadLibraryA
WriteConsoleA
GetProcessId
InterlockedExchangeAdd
DeleteTimerQueue
SetCalendarInfoW
FindFirstVolumeMountPointW
BeginUpdateResourceA
GetDiskFreeSpaceA
AddAtomA
GetPrivateProfileStructA
FindNextFileA
GetModuleHandleA
OpenFileMappingW
FreeEnvironmentStringsW
GetCurrentDirectoryA
GetShortPathNameW
GetVolumeNameForVolumeMountPointW
EnumCalendarInfoExA
DeleteFileA
SetComputerNameA
ExitProcess
WriteConsoleW
HeapReAlloc
GetLastError
MoveFileA
MultiByteToWideChar
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
HeapAlloc
HeapFree
IsProcessorFeaturePresent
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
CloseHandle
WriteFile
GetModuleFileNameW
GetModuleFileNameA
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeW
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
RtlUnwind
SetStdHandle
FlushFileBuffers
HeapSize
LoadLibraryW
CreateFileW

gdi32

SelectPalette

winhttp

WinHttpGetProxyForUrl

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fin
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a5471e9b5a4d51109b645937067bcab0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

winhttp

Sections

.text Size: 78KB - Virtual size: 78KB

.data Size: 79KB - Virtual size: 542KB

.fin Size: 6KB - Virtual size: 5KB

.rsrc Size: 64KB - Virtual size: 63KB

.text
Size: 78KB - Virtual size: 78KB

.data
Size: 79KB - Virtual size: 542KB

.fin
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 64KB - Virtual size: 63KB