bf447368e9d3f0ec34cd63d370831979[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

bf447368e9d3f0ec34cd63d370831979.bin
Size

242KB
MD5

d042ee2d89c8e1d5a08e77af1b018b89
SHA1

c573557e3c02cd6d5717bdfe8410706fc353e110
SHA256

c08971e5483033751200f7db2557b373c935fa4fee30eb2d33886150144a6270
SHA512

04a8ee35bf5ae11217561cd7dfa54abf63154d0c4b6810f3ed2030f3d772ad33e6c53ec27e6bdc729a7a52636d6c572dded16fca2f9c3a72095be12f8465e8bd
SSDEEP

6144:5qWFzy5r4+e2TejKvrINT7I3P1xSScyqfMwV2PKf9C/qT:wWJ2e2TrvUNvI37HcyqwKfs/G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7868e7c5e31315e7bb442bafbbc16addfeb4bda998b404491976aa271fbb78ef.exe

Files

bf447368e9d3f0ec34cd63d370831979.bin
.zip

Password: infected
7868e7c5e31315e7bb442bafbbc16addfeb4bda998b404491976aa271fbb78ef.exe
.exe windows x86

Password: infected

5a013624489e6703ae44eba8e360cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
SetLocaleInfoA
EnumCalendarInfoA
GetStringTypeA
GetProfileIntW
GetSystemWindowsDirectoryW
GetComputerNameW
CreateHardLinkA
LockFile
GetTickCount
GetConsoleAliasesA
GetWindowsDirectoryA
GetDateFormatA
FindResourceExA
ReadConsoleInputA
_hread
GetVersionExW
FindNextVolumeW
Beep
VerifyVersionInfoA
GetVolumePathNameA
ReplaceFileA
FlushFileBuffers
SetCurrentDirectoryA
CreateMutexW
OpenMutexW
GetLastError
SetLastError
lstrcmpiA
GetProcAddress
GetLongPathNameA
BeginUpdateResourceW
EnumDateFormatsExA
HeapUnlock
CopyFileA
EnumSystemCodePagesW
LoadLibraryA
LocalAlloc
SetProcessWorkingSetSize
GetModuleHandleA
CreateMutexA
VirtualProtect
FileTimeToLocalFileTime
lstrcpyA
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
FindFirstFileA
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapAlloc
WideCharToMultiByte
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetLocaleInfoA
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA

user32

CharUpperBuffW
GetMenuBarInfo
CharLowerBuffW
DdeQueryStringW
GetClipboardOwner
CharToOemBuffA

advapi32

LogonUserW

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

5a013624489e6703ae44eba8e360cecd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 239KB - Virtual size: 238KB

.data Size: 7KB - Virtual size: 260KB

.rsrc Size: 73KB - Virtual size: 73KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 239KB - Virtual size: 238KB

.data
Size: 7KB - Virtual size: 260KB

.rsrc
Size: 73KB - Virtual size: 73KB

.reloc
Size: 8KB - Virtual size: 7KB