937963b61e429c4d9049094f07dda378[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

937963b61e429c4d9049094f07dda378.bin
Size

230KB
MD5

68fe87eb1d946aa7dbf4ad4b5e190c40
SHA1

288af7ac7979adbcc4ea9db41c6d0b61e3c54908
SHA256

a9887a08052f5e04d3aa19f91058ddb34039c034619fe0aa30db62da1ff8c592
SHA512

a318ab1d539acfa0b201f3c697579b1c15ec7c171a8b87aef106fb13204c7e1183103858cf7565a20e5beb2c993ca00fbe17f08b333cc9d186d8429c59511915
SSDEEP

3072:a2IL7qq7YhmeOk4lLPvibIqKVg2RZiz+Us3ZGT7/OYPyjVLF4miLo0RNhBjiY1pr:4a8eIiKi2muo2YPy7anvjeY1Q4gJzq3V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9b47dfbcf99f7aae8f2a12149436ccf0f737f7f6d4e4ec412a17414bf3fdc53e.exe

Files

937963b61e429c4d9049094f07dda378.bin
.zip

Password: infected
9b47dfbcf99f7aae8f2a12149436ccf0f737f7f6d4e4ec412a17414bf3fdc53e.exe
.exe windows x86

Password: infected

ec25fad0b469bd3fa9e613cebadc5fbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasExesA
AllocConsole
lstrcpynA
GetConsoleAliasExesLengthA
BuildCommDCBAndTimeoutsA
DeleteVolumeMountPointA
InterlockedIncrement
OpenJobObjectA
WaitNamedPipeA
HeapFree
GetProfileStringW
GetUserDefaultLCID
WriteConsoleInputA
BackupSeek
GetModuleHandleW
UnlockFileEx
FindNextVolumeMountPointA
GetConsoleAliasesLengthA
GetNumberFormatA
GetCompressedFileSizeW
GetUserDefaultLangID
GetVolumePathNameW
GlobalAlloc
GetPrivateProfileIntA
SetFileShortNameW
LoadLibraryW
GetVersionExW
GetStringTypeExW
lstrlenW
VirtualUnlock
GetShortPathNameA
GetNamedPipeHandleStateW
EnumSystemLocalesA
GetCommandLineW
SetLastError
ReadConsoleOutputCharacterA
GetProcAddress
MoveFileW
RemoveDirectoryA
EnterCriticalSection
CreateSemaphoreW
WriteConsoleA
OpenWaitableTimerW
LocalAlloc
GetFileType
AddAtomW
GetPrivateProfileSectionNamesA
FindNextFileA
CreateIoCompletionPort
_lread
FreeEnvironmentStringsW
GetCurrentDirectoryA
EnumDateFormatsW
PeekConsoleInputA
SetCalendarInfoA
FindFirstVolumeA
ReadConsoleInputW
TerminateJobObject
GetWindowsDirectoryW
MoveFileWithProgressW
GetConsoleProcessList
DeleteFileA
lstrcpyA
CloseHandle
CreateFileW
WriteConsoleW
GetVolumeNameForVolumeMountPointA
GetLastError
SetStdHandle
LCMapStringW
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
MoveFileA
HeapAlloc
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSize
RaiseException
GetModuleFileNameA
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
MultiByteToWideChar
IsProcessorFeaturePresent
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers

user32

CharUpperBuffW
GetMessagePos

gdi32

GetCharWidthW

winhttp

WinHttpGetProxyForUrl

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 174KB - Virtual size: 39.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ec25fad0b469bd3fa9e613cebadc5fbe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winhttp

Sections

.text Size: 113KB - Virtual size: 113KB

.data Size: 174KB - Virtual size: 39.2MB

.rsrc Size: 39KB - Virtual size: 39KB

.text
Size: 113KB - Virtual size: 113KB

.data
Size: 174KB - Virtual size: 39.2MB

.rsrc
Size: 39KB - Virtual size: 39KB