75a34d3bc5d01c45db6e3116c7d1fc80[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

75a34d3bc5d01c45db6e3116c7d1fc80.bin
Size

354KB
MD5

02ebfdb894dc2fc3737ef3420198da57
SHA1

374f8a0ba60e22a161d888c7bd2eb00c23eff5f6
SHA256

952e5785f8f45865185b5d7a53ad83e7662f877bf8921d022938674f5fa91106
SHA512

5e6211d808d0d80f4ff7e05518323276804bc5491e9f35d5bf908e18e21d7a21fc7fb0df1e04090a35e8eac5adf54eeda9b40853737d80d30c11f33a63f65581
SSDEEP

6144:yck9bwsQGdwBWZeFJklf9/R3C55+PdyDl8tUV7T/Xv0DaOJMy4DH0wXnwetM9:ybU5GdwEAFmf/RuYdyDytsTvl70wXwuc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0ca15ac24cd26ecd4afb42b4c8802bcfc1eb06088ae0d3503fbc732f80429531.exe

Files

75a34d3bc5d01c45db6e3116c7d1fc80.bin
.zip

Password: infected
0ca15ac24cd26ecd4afb42b4c8802bcfc1eb06088ae0d3503fbc732f80429531.exe
.exe windows x86

Password: infected

99ae33530ebff97e88a1ac2c3129a9f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ConvertThreadToFiber
GetConsoleAliasExesLengthA
InterlockedIncrement
InterlockedDecrement
WaitNamedPipeA
GetCurrentProcess
SetMailslotInfo
ZombifyActCtx
GetModuleHandleW
GetTickCount
SetFileTime
EnumTimeFormatsW
GetVolumePathNameW
GlobalAlloc
GetSystemDirectoryW
SetFileShortNameW
GetSystemPowerStatus
FreeConsole
GetCalendarInfoA
GetFileAttributesA
SetSystemPowerState
GetShortPathNameA
EnumSystemLocalesA
GetProcAddress
MoveFileW
SetProcessAffinityMask
EnterCriticalSection
SearchPathA
GetDiskFreeSpaceW
LoadLibraryA
WriteConsoleA
GetProcessId
InterlockedExchangeAdd
DeleteTimerQueue
SetCalendarInfoW
FindFirstVolumeMountPointW
BeginUpdateResourceA
AddAtomA
GetPrivateProfileStructA
FindNextFileA
GetModuleHandleA
OpenFileMappingW
FreeEnvironmentStringsW
GetCurrentDirectoryA
GetShortPathNameW
GetVolumeNameForVolumeMountPointW
EnumCalendarInfoExA
DeleteFileA
SetComputerNameA
ExitProcess
WriteConsoleW
HeapReAlloc
GetLastError
MoveFileA
MultiByteToWideChar
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
HeapAlloc
HeapFree
IsProcessorFeaturePresent
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
CloseHandle
WriteFile
GetModuleFileNameW
GetModuleFileNameA
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeW
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
RtlUnwind
SetStdHandle
FlushFileBuffers
HeapSize
LoadLibraryW
CreateFileW

gdi32

SelectPalette

winhttp

WinHttpGetProxyForUrl

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 298KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.duyi
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

99ae33530ebff97e88a1ac2c3129a9f7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

winhttp

Sections

.text Size: 78KB - Virtual size: 78KB

.data Size: 298KB - Virtual size: 760KB

.duyi Size: 6KB - Virtual size: 5KB

.rsrc Size: 64KB - Virtual size: 63KB

.text
Size: 78KB - Virtual size: 78KB

.data
Size: 298KB - Virtual size: 760KB

.duyi
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 64KB - Virtual size: 63KB