db48f7e60578c0986e1d79e3dd2317a3[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

db48f7e60578c0986e1d79e3dd2317a3.bin
Size

133KB
MD5

198aac6e89fad415a48acddcb392297d
SHA1

54b9eb6165e2af1000b73eda1dc27f4c1cf5dea0
SHA256

21e214c430e0947c823da4ec442341af176b874c598f554b2971d355f083ea97
SHA512

19800c342c93cc2e22bbe5329db5c38a6a9d160ebed834f070df1b07f06ffba8224dc66d75ece517120d7409f759093a09abfa0376db733af64f18730dc6dcb6
SSDEEP

3072:Hpg+/R0fZB4Eqwlafo1/UHEY48+I+88xI2uLTkMFcrUosSBZM8vYBsL/ZTJ:8fZBZ91/UHx+PhxIQesUc7MOUsLD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6c49a2a05adaaae7057e48eec70db7c56b9748a329b4d6ef6a08aa8601514eeb.exe

Files

db48f7e60578c0986e1d79e3dd2317a3.bin
.zip

Password: infected
6c49a2a05adaaae7057e48eec70db7c56b9748a329b4d6ef6a08aa8601514eeb.exe
.exe windows x86

Password: infected

d7a8d663ac3341e4e8c50e9c803fb402

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasExesA
AllocConsole
lstrcpynA
GetConsoleAliasExesLengthA
BuildCommDCBAndTimeoutsA
DeleteVolumeMountPointA
InterlockedIncrement
OpenJobObjectA
WaitNamedPipeA
HeapFree
GetProfileStringW
GetUserDefaultLCID
WriteConsoleInputA
BackupSeek
GetModuleHandleW
UnlockFileEx
FindNextVolumeMountPointA
GetConsoleAliasesLengthA
GetNumberFormatA
GetCompressedFileSizeW
GetUserDefaultLangID
GetVolumePathNameW
GlobalAlloc
GetPrivateProfileIntA
SetFileShortNameW
LoadLibraryW
GetVersionExW
GetStringTypeExW
lstrlenW
VirtualUnlock
GetShortPathNameA
GetNamedPipeHandleStateW
EnumSystemLocalesA
GetCommandLineW
SetLastError
ReadConsoleOutputCharacterA
GetProcAddress
MoveFileW
RemoveDirectoryA
EnterCriticalSection
CreateSemaphoreW
WriteConsoleA
OpenWaitableTimerW
LocalAlloc
GetFileType
AddAtomW
GetPrivateProfileSectionNamesA
FindNextFileA
CreateIoCompletionPort
_lread
FreeEnvironmentStringsW
GetCurrentDirectoryA
EnumDateFormatsW
PeekConsoleInputA
SetCalendarInfoA
FindFirstVolumeA
ReadConsoleInputW
TerminateJobObject
GetWindowsDirectoryW
MoveFileWithProgressW
GetConsoleProcessList
DeleteFileA
lstrcpyA
CloseHandle
CreateFileW
WriteConsoleW
GetVolumeNameForVolumeMountPointA
GetLastError
SetStdHandle
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
MoveFileA
WideCharToMultiByte
HeapAlloc
MultiByteToWideChar
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSize
RaiseException
GetModuleFileNameA
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
IsProcessorFeaturePresent
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringW
FlushFileBuffers

user32

CharUpperBuffW
GetMessagePos

gdi32

GetCharWidthW

winhttp

WinHttpGetProxyForUrl

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 39.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

d7a8d663ac3341e4e8c50e9c803fb402

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winhttp

Sections

.text Size: 114KB - Virtual size: 114KB

.data Size: 76KB - Virtual size: 39.1MB

.rsrc Size: 39KB - Virtual size: 39KB

.text
Size: 114KB - Virtual size: 114KB

.data
Size: 76KB - Virtual size: 39.1MB

.rsrc
Size: 39KB - Virtual size: 39KB