d1a4c91610248942942f6dda018deca7[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

d1a4c91610248942942f6dda018deca7.bin
Size

570KB
MD5

d2c1934699bc23ded06f6b4b297eb99f
SHA1

63188b0c7d27e124bfd3cbc7c7b386f3d5f5638f
SHA256

cafd5cbd439fb8e1b9ceb400e203e282bd7d3c3004dd2849207f908c7555eac4
SHA512

5231c74a6cdd597d1fb97e96c0cfa58bb1e40914082c52c904dae03f76298a487c8bad597f7e2432108a443cb1624a2c07d93337e33dc8742948a92131f5ae96
SSDEEP

12288:IpuoNfy39c/E2jw02baRaFVMvuLEQmTnZqz/9U2qyz/waii:Ily39c/EuwzIaIvuLEfK/mdyz/+i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a2429a2781600f34cc23b3dacba4ce58fbbadc90dac50ab80043601293534b95.exe

Files

d1a4c91610248942942f6dda018deca7.bin
.zip

Password: infected
a2429a2781600f34cc23b3dacba4ce58fbbadc90dac50ab80043601293534b95.exe
.exe windows x64

Password: infected

d0d0c5195b832915f0889026e5b9d987

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwind

kernel32

LoadLibraryExW
CreateFileW
HeapSize
GetTimeZoneInformation
LoadLibraryA
GetProcAddress
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageA
EncodePointer
DecodePointer
LocalFree
GetLocaleInfoEx
InitializeCriticalSectionEx
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
WriteConsoleW
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetCurrentThread
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
GetFileType
SetConsoleCtrlHandler
OutputDebugStringW
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 556KB - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 671B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

d0d0c5195b832915f0889026e5b9d987

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 556KB - Virtual size: 555KB

.data Size: 10KB - Virtual size: 261KB

.pdata Size: 39KB - Virtual size: 38KB

.idata Size: 5KB - Virtual size: 4KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

_RDATA Size: 1024B - Virtual size: 671B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 556KB - Virtual size: 555KB

.data
Size: 10KB - Virtual size: 261KB

.pdata
Size: 39KB - Virtual size: 38KB

.idata
Size: 5KB - Virtual size: 4KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

_RDATA
Size: 1024B - Virtual size: 671B

.reloc
Size: 9KB - Virtual size: 9KB