569[.]bin[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

569.bin.zip
Size

105KB
MD5

fc1003f37275503e8a0f07786c73459b
SHA1

0dcf095ec018362a5ca623d6bc78bd6d94e2fb1d
SHA256

f8b86cf01175f4a13d5e5316f3b05f62f84a7d94cc31c34d63510b8dbfe6c976
SHA512

8ff1afa2fa555603aa9e4f5bf68e21c75e37ad9208227a24ec69282a1a3a42c059021b52a47d21c7872d3c6a327b5c7b45e5f2701ee223f9a9b33bfb51898927
SSDEEP

1536:AL3BYa+iSKHF6mUUaFdJkXhnq9Km0N4eqKa14lLNk7O1OkMGiC2t6EypKnSpx:AdZ+iD6mJaF7kRq9g1GOIyZx2tjoK2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/569.bin

Files

569.bin.zip
.zip

Password: infected
569.bin
.exe windows x86

Password: infected

b863fd11a9bc3705c0d07ce97be394e8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetTextExtentPointW

user32

LoadCursorA
CharNextExA
EmptyClipboard
EndDeferWindowPos
UnloadKeyboardLayout
ToUnicode
GetKeyState
GetCaretBlinkTime
GetFocus

kernel32

GetDateFormatA
QueryProcessCycleTime
SystemTimeToTzSpecificLocalTime
UnregisterWaitEx
GetTimeZoneInformation
GetVersion
GetTempFileNameA
CloseHandle
GetCurrentThread
GetThreadPriority
GetPrivateProfileSectionW
GetProcessPriorityBoost
GetCurrentProcess
FindFirstFileA

winspool.drv

GetPrinterDriverW

advapi32

IsValidSecurityDescriptor

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 4KB - Virtual size: 39B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

b863fd11a9bc3705c0d07ce97be394e8

Headers

File Characteristics

Imports

gdi32

user32

kernel32

winspool.drv

advapi32

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 7KB

.crt Size: 4KB - Virtual size: 39B

.CRT Size: 40KB - Virtual size: 39KB

.qdata Size: 28KB - Virtual size: 27KB

.crt Size: 20KB - Virtual size: 16KB

.crt Size: 20KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 720B

.reloc Size: 4KB - Virtual size: 776B

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 7KB

.crt
Size: 4KB - Virtual size: 39B

.CRT
Size: 40KB - Virtual size: 39KB

.qdata
Size: 28KB - Virtual size: 27KB

.crt
Size: 20KB - Virtual size: 16KB

.crt
Size: 20KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 720B

.reloc
Size: 4KB - Virtual size: 776B