685aa74639245cdc3a55e428c66ae039[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

685aa74639245cdc3a55e428c66ae039.bin
Size

147KB
MD5

8c1e13233f87fab44ab85d7fb9f5d358
SHA1

204035dec146b1bb27e2f73d53ed64f1f74dfd30
SHA256

feb5a42691dee15c5189112d40a8bf82b48a23ab0cc76e38f45685f49d051ab6
SHA512

e095188e8348d520d3ac4126a05b445b10e467675615f7f6ab78c3013c6b251349fb18495e578bda651f4c31692bd6ac24a20b47e1c5fb4946767bb075a80cf4
SSDEEP

3072:VNJzh/nn4ZXIAQ3L3aBgNQIrzMor5QkULJL4sso:d54ZX073I8QIrIyQkWJ8Do

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/e11f3e5a187ddbb67ea48d2f9a97b088355ebccc5e3de9299c84a8d38b5b32a9.exe

Files

685aa74639245cdc3a55e428c66ae039.bin
.zip

Password: infected
e11f3e5a187ddbb67ea48d2f9a97b088355ebccc5e3de9299c84a8d38b5b32a9.exe
.exe windows x86

Password: infected

3b2149cf9e511236f0f4269b68eb3b87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeNameForVolumeMountPointA
SetPriorityClass
GetConsoleAliasExesLengthA
InterlockedIncrement
OpenJobObjectA
InterlockedDecrement
GlobalSize
SetComputerNameW
GetModuleHandleW
GetTickCount
GetCurrentThread
EnumCalendarInfoExW
FindNextVolumeMountPointA
GetNumberFormatA
GetWindowsDirectoryA
WaitNamedPipeW
EnumTimeFormatsA
GetCommandLineA
GetVolumePathNameW
GlobalAlloc
GetPrivateProfileStructW
GetSystemPowerStatus
FreeConsole
GetCalendarInfoA
GetExitCodeProcess
GetFileAttributesW
WriteConsoleW
CompareStringW
GetVolumePathNameA
FindNextVolumeMountPointW
GetShortPathNameA
ReleaseActCtx
GetLastError
GetCurrentDirectoryW
GetProcAddress
BeginUpdateResourceW
MoveFileW
EnterCriticalSection
SearchPathA
SetFileAttributesA
GetTempFileNameA
OpenWaitableTimerA
LoadLibraryA
OpenThread
InterlockedExchangeAdd
SetCalendarInfoW
MoveFileA
AddAtomW
SetFileApisToANSI
OpenJobObjectW
EnumDateFormatsA
GetModuleHandleA
OpenFileMappingW
FreeEnvironmentStringsW
FindNextFileW
CreateMailslotA
GetCPInfoExA
DeleteFileW
GetCurrentProcessId
GetFileInformationByHandle
EnumSystemLocalesW
DeleteFileA
ReadFile
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
HeapSetInformation
GetStartupInfoW
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
IsProcessorFeaturePresent
LeaveCriticalSection
SetFilePointer
CloseHandle
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeW
Sleep
RtlUnwind
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
LoadLibraryW
HeapReAlloc

user32

GetAltTabInfoW

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 23.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jivuy
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

3b2149cf9e511236f0f4269b68eb3b87

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 87KB - Virtual size: 87KB

.data Size: 79KB - Virtual size: 23.1MB

.jivuy Size: 1024B - Virtual size: 580B

.rsrc Size: 102KB - Virtual size: 102KB

.text
Size: 87KB - Virtual size: 87KB

.data
Size: 79KB - Virtual size: 23.1MB

.jivuy
Size: 1024B - Virtual size: 580B

.rsrc
Size: 102KB - Virtual size: 102KB