b9553d05bb13bc681817e7b273db6a0e[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

b9553d05bb13bc681817e7b273db6a0e.bin
Size

134KB
MD5

5811af24446259022724f01c963b8faa
SHA1

83f2127b7ff87f51fcbd912a2af4b6558fafe55e
SHA256

d4c9191446d6905c3540abd3b55d982d0cd6ee189347f3ff9ea8fa139ff64729
SHA512

b5f0a1a22b12574147cc73715f7ba8d6c7682e5ff874562c999a7e2dbdd70b0658c3d0d2f85d5a0543248c0e01b0f90e2759352f20f89fc65ff4895f0c83eb55
SSDEEP

3072:/oXPPhwhNPShdej0P9g+QUlfx7z+tQDnsCT7Pk4Hk6w:/o/PiPSh4gP9hfh+tQDsC/9HkH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c210be84d04a87aa2d1e84132b6632b5a7e5e0ee740efc5f1c11a63ac5f555f2.exe

Files

b9553d05bb13bc681817e7b273db6a0e.bin
.zip

Password: infected
c210be84d04a87aa2d1e84132b6632b5a7e5e0ee740efc5f1c11a63ac5f555f2.exe
.exe windows x86

Password: infected

d7a8d663ac3341e4e8c50e9c803fb402

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasExesA
AllocConsole
lstrcpynA
GetConsoleAliasExesLengthA
BuildCommDCBAndTimeoutsA
DeleteVolumeMountPointA
InterlockedIncrement
OpenJobObjectA
WaitNamedPipeA
HeapFree
GetProfileStringW
GetUserDefaultLCID
WriteConsoleInputA
BackupSeek
GetModuleHandleW
UnlockFileEx
FindNextVolumeMountPointA
GetConsoleAliasesLengthA
GetNumberFormatA
GetCompressedFileSizeW
GetUserDefaultLangID
GetVolumePathNameW
GlobalAlloc
GetPrivateProfileIntA
SetFileShortNameW
LoadLibraryW
GetVersionExW
GetStringTypeExW
lstrlenW
VirtualUnlock
GetShortPathNameA
GetNamedPipeHandleStateW
EnumSystemLocalesA
GetCommandLineW
SetLastError
ReadConsoleOutputCharacterA
GetProcAddress
MoveFileW
RemoveDirectoryA
EnterCriticalSection
CreateSemaphoreW
WriteConsoleA
OpenWaitableTimerW
LocalAlloc
GetFileType
AddAtomW
GetPrivateProfileSectionNamesA
FindNextFileA
CreateIoCompletionPort
_lread
FreeEnvironmentStringsW
GetCurrentDirectoryA
EnumDateFormatsW
PeekConsoleInputA
SetCalendarInfoA
FindFirstVolumeA
ReadConsoleInputW
TerminateJobObject
GetWindowsDirectoryW
MoveFileWithProgressW
GetConsoleProcessList
DeleteFileA
lstrcpyA
CloseHandle
CreateFileW
WriteConsoleW
GetVolumeNameForVolumeMountPointA
GetLastError
SetStdHandle
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
MoveFileA
WideCharToMultiByte
HeapAlloc
MultiByteToWideChar
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSize
RaiseException
GetModuleFileNameA
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
IsProcessorFeaturePresent
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringW
FlushFileBuffers

user32

CharUpperBuffW
GetMessagePos

gdi32

GetCharWidthW

winhttp

WinHttpGetProxyForUrl

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 39.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

d7a8d663ac3341e4e8c50e9c803fb402

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winhttp

Sections

.text Size: 114KB - Virtual size: 114KB

.data Size: 77KB - Virtual size: 39.1MB

.rsrc Size: 39KB - Virtual size: 39KB

.text
Size: 114KB - Virtual size: 114KB

.data
Size: 77KB - Virtual size: 39.1MB

.rsrc
Size: 39KB - Virtual size: 39KB