f647d269f72f03b02919ff736[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

f647d269f72f03b02919ff736.bin
Size

245KB
MD5

e66c00e53d4edc3c80f75eeaa3561d1b
SHA1

8612a99e89743ffd62d389507a5192cad3d4b017
SHA256

04427e1a5d051a1a6676a2ca3ab27f8a1f809c8d34162d4688590011c156dbe4
SHA512

befa5b2b7d35e721a5b97a0065ef1f0c8f4bbb75a32cfbb946ff78e475c691582f4f95c3325c9282983b06520f6b9dd055e78d1817443042b87fa01128c202b8
SSDEEP

6144:Bliz1g75PzA+BCZCNriefCaIHyb1CYdx0BrQw8eCrYIq:P6GmLZdhipn0B0DnM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7d5a1acd402b5d1e7cc72fe0d7b947d2bb1a3123dce15c9ce5c286f1efa10ca8.exe

Files

f647d269f72f03b02919ff736.bin
.zip

Password: infected
7d5a1acd402b5d1e7cc72fe0d7b947d2bb1a3123dce15c9ce5c286f1efa10ca8.exe
.exe windows x86

4ef5c5864141626e44cf96ed52dc90ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AllocConsole
ConvertThreadToFiber
GetConsoleAliasExesLengthA
InterlockedIncrement
OpenJobObjectA
InterlockedDecrement
WriteConsoleInputA
FreeEnvironmentStringsA
GetModuleHandleW
GetTickCount
GetCurrentThread
GetWindowsDirectoryA
WaitNamedPipeW
EnumTimeFormatsA
GetCommandLineA
GetPriorityClass
GetVolumePathNameW
SetFileShortNameW
GetCalendarInfoA
LeaveCriticalSection
CreateSemaphoreA
GetFileAttributesW
WriteConsoleW
GetCompressedFileSizeA
CompareStringW
GetVolumePathNameA
SetThreadPriority
CreateMailslotW
GetCPInfoExW
GetCurrentDirectoryW
SetLastError
GetProcAddress
GetConsoleAliasesLengthW
SearchPathA
GlobalFree
GetTempFileNameA
OpenWaitableTimerA
LoadLibraryA
InterlockedExchangeAdd
LocalAlloc
SetCalendarInfoW
MoveFileA
GetNumberFormatW
BeginUpdateResourceA
VirtualLock
AddAtomA
HeapWalk
OpenJobObjectW
GetPrivateProfileSectionNamesA
FindNextFileA
EnumDateFormatsA
GetModuleHandleA
GetStringTypeW
GetCurrentDirectoryA
GetShortPathNameW
GetCPInfoExA
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
DebugBreak
ReadConsoleOutputCharacterW
OpenFileMappingA
LocalFileTimeToFileTime
ReadFile
HeapReAlloc
CreateMutexW
MoveFileW
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
EncodePointer
DecodePointer
GetLastError
WideCharToMultiByte
MultiByteToWideChar
HeapSetInformation
GetStartupInfoW
RaiseException
HeapFree
RtlUnwind
HeapAlloc
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
SetFilePointer
CloseHandle
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryW
CreateFileW

user32

GetAltTabInfoW

advapi32

ReadEventLogW

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 175KB - Virtual size: 23.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zutu
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

4ef5c5864141626e44cf96ed52dc90ca

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 121KB - Virtual size: 121KB

.data Size: 175KB - Virtual size: 23.2MB

.zutu Size: 1024B - Virtual size: 580B

.rsrc Size: 77KB - Virtual size: 77KB

.text
Size: 121KB - Virtual size: 121KB

.data
Size: 175KB - Virtual size: 23.2MB

.zutu
Size: 1024B - Virtual size: 580B

.rsrc
Size: 77KB - Virtual size: 77KB