5e033fda28ec376b85908afdc4a946e6[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

5e033fda28ec376b85908afdc4a946e6.bin
Size

139KB
MD5

ca7a477f9387986e8e85182e99550fbb
SHA1

22e3e9ec343e07fec79904649ac16b598934e558
SHA256

67ba52d7cd38e753b37f2806efa57d85839512249e8cbefa1d82d73abf38c925
SHA512

044d7491c801f9bb6c2655330eb0a045ae8b0e0154aae389830fbc0320ac60ffec8c00249bc6f34260c2358ffc419dddbf266b6e934349a18850e8d633592f7f
SSDEEP

3072:cAfUFf23AKmIbysfldtP880lH6jVYq3dbCMLpNtlRiLdZjs9YRgdi7FpVfmxIRz8:cgUFQRDf188KH6Vf3EMd7lCZjs91gFpY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/32250c725d6ca3d497fa6839495d6398b663cee9b9704bdfb41c38ae0be0b89b.exe

Files

5e033fda28ec376b85908afdc4a946e6.bin
.zip

Password: infected
32250c725d6ca3d497fa6839495d6398b663cee9b9704bdfb41c38ae0be0b89b.exe
.exe windows x86

Password: infected

73eb3bf4e3c6a0082a4a8746a058ebbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexW
SetLocaleInfoA
GetProfileIntW
DeleteVolumeMountPointA
EnumCalendarInfoW
GetLogicalDriveStringsW
UnlockFile
GetTickCount
GetConsoleAliasesA
GetCompressedFileSizeW
ClearCommBreak
GetDateFormatA
FindResourceExA
LoadLibraryW
CopyFileW
GetSystemWindowsDirectoryA
GetStringTypeExW
FindNextVolumeW
MulDiv
ReplaceFileW
GetVolumePathNameA
GetDevicePowerState
FindFirstFileA
OpenMutexW
GetComputerNameA
lstrcmpiA
GetProcAddress
GetLongPathNameA
BeginUpdateResourceW
EnumDateFormatsExA
IsValidCodePage
EnumSystemCodePagesW
LoadLibraryA
CreateFileMappingA
LocalAlloc
CreateHardLinkW
GetNumberFormatW
SetCurrentDirectoryW
SetProcessWorkingSetSize
HeapWalk
GetModuleHandleA
ReadConsoleInputW
GetWindowsDirectoryW
CloseHandle
CreateFileA
FlushFileBuffers
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
GetStartupInfoW
GetModuleHandleW
Sleep
ExitProcess
GetLastError
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
VirtualAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
RaiseException

user32

CharUpperBuffW
GetMenuBarInfo
LoadMenuA
DdeQueryStringW
GetClipboardOwner
CharToOemBuffA

gdi32

GetCharABCWidthsI

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

73eb3bf4e3c6a0082a4a8746a058ebbf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 133KB - Virtual size: 133KB

.data Size: 6KB - Virtual size: 258KB

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 133KB - Virtual size: 133KB

.data
Size: 6KB - Virtual size: 258KB

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 7KB - Virtual size: 6KB