f80d5d7224f2f63615d36c54640492e8[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

f80d5d7224f2f63615d36c54640492e8.bin
Size

225KB
MD5

d6b043bb7c44680c12afa88420bae6e1
SHA1

2cdf322d92acba82efce7426fd55c4bdd6122b1b
SHA256

00ec5c5838f40d8d04d23e0591216a0fbb7c2f0dfb758518bbfca1e91ab404fd
SHA512

55537ed49cdb69c55a2cefbf108500d7d5d8b0e76cc68235b0dc90f4b87e209a5d41846a2e3351b64cae79e063b264b8090682964a4aca5b56844d8bbfe5ee76
SSDEEP

3072:RIh0WhMCanZqOvoKE5bOuI0PUzhSmB/CoR5+Z7oNeb87UX4y9oeCM/kYiC1gNJ:a2WO4x5bbS4mB/R5kFQIX4y9Z/FgL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7ecadf75743a37fed7bb735987a9bfde27d185087b2b65acfe78854742ebd71b.exe

Files

f80d5d7224f2f63615d36c54640492e8.bin
.zip

Password: infected
7ecadf75743a37fed7bb735987a9bfde27d185087b2b65acfe78854742ebd71b.exe
.exe windows x86

Password: infected

efaf82812fcbfbe92dea95a0b4ee6ab0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeNameForVolumeMountPointA
GetComputerNameA
GetDateFormatW
TlsGetValue
VirtualQuery
SetEndOfFile
ClearCommError
EnumCalendarInfoW
ReadConsoleA
GetCurrentProcess
LockFile
GetTickCount
GetConsoleAliasesA
FormatMessageA
GetWindowsDirectoryA
GetVolumePathNameW
FindResourceExA
LoadLibraryW
IsValidLocale
SetCommConfig
ReadConsoleInputA
GetSystemWindowsDirectoryA
WriteConsoleW
ReplaceFileW
GetCompressedFileSizeA
GetACP
GetStringTypeExA
InterlockedExchange
GetProfileIntA
GetLogicalDriveStringsA
OpenMutexW
GetLastError
GetCurrentDirectoryW
SetLastError
GetProcAddress
BeginUpdateResourceW
CopyFileA
LoadLibraryA
DeleteTimerQueue
SetCurrentDirectoryW
BeginUpdateResourceA
GetModuleFileNameA
CreateMutexA
PurgeComm
FatalAppExitA
OpenSemaphoreW
ReleaseMutex
GetVersionExA
FindNextVolumeA
CloseHandle
CreateFileA
FlushFileBuffers
GetConsoleOutputCP
WriteConsoleA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
GetCommandLineA
GetStartupInfoA
HeapFree
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
TerminateProcess
IsDebuggerPresent
HeapAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
VirtualAlloc
HeapReAlloc
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle

user32

CharUpperBuffA
LoadMenuW
GetSysColorBrush
SetCaretPos
GetClipboardOwner
CharToOemBuffA

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

efaf82812fcbfbe92dea95a0b4ee6ab0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 217KB - Virtual size: 216KB

.data Size: 16KB - Virtual size: 568KB

.rsrc Size: 64KB - Virtual size: 63KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 217KB - Virtual size: 216KB

.data
Size: 16KB - Virtual size: 568KB

.rsrc
Size: 64KB - Virtual size: 63KB

.reloc
Size: 8KB - Virtual size: 8KB