f0e6784ab756cf4215b32964932bd3e8[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

f0e6784ab756cf4215b32964932bd3e8.bin
Size

170KB
MD5

61f4017e55023b9e6d25bad46645b109
SHA1

23ac4eb4edfab4696e13934ec3e9104c3c49ecc2
SHA256

45561e3f9a6118dedcbc9cee6d52252b00514c61637b2006ca665e3f5309bacb
SHA512

3a0c6412baf8556c58826b4b48791fe298feababe9db04484f3dac8ee7dccc016ec935a1cfb87deee832c0643f0aca8d4a7e7db8d317b023822d40e56dece35f
SSDEEP

3072:nRWHW4kUmVwBQHr6jNGtkjcgYiYAqWGXPIyDmJVIqjdP:nQ24ynH+tjWWuIsbadP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a5cb5558a1fb53b177fd0a683da3e93c4c0149588c7b06b5b8f5570896bd79bc.exe

Files

f0e6784ab756cf4215b32964932bd3e8.bin
.zip

Password: infected
a5cb5558a1fb53b177fd0a683da3e93c4c0149588c7b06b5b8f5570896bd79bc.exe
.exe windows x86

Password: infected

510dd539bc8b58414f44caf85838ae97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetupComm
CreateMutexW
FindResourceA
SetLocaleInfoA
EnumCalendarInfoA
GetConsoleAliasesLengthW
EnumDateFormatsExW
GetProfileIntW
FindResourceW
ScrollConsoleScreenBufferW
GetComputerNameW
GetModuleHandleW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
CopyFileW
GetVersionExW
ReadFile
GetCompressedFileSizeA
GetVolumePathNameA
lstrlenW
SetThreadPriority
DisconnectNamedPipe
SetCurrentDirectoryA
GetLastError
SetLastError
GetProcAddress
IsValidCodePage
EnumSystemCodePagesW
LoadLibraryA
OpenMutexA
lstrcmpiW
SetProcessShutdownParameters
_lopen
SetFileShortNameA
GetVersionExA
ReadConsoleInputW
GetWindowsDirectoryW
FileTimeToLocalFileTime
AddConsoleAliasA
CreateFileA
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
MultiByteToWideChar
ExitProcess
GetStartupInfoW
RtlUnwind
RaiseException
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapSize
GetCPInfo
GetACP
GetOEMCP
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW

user32

EnumDesktopWindows
CharToOemBuffA
CharUpperBuffW
GetMenuBarInfo
CharLowerBuffW
UnhookWinEvent
DdeQueryStringW
CharUpperBuffA
LoadBitmapW
SetClipboardViewer

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

510dd539bc8b58414f44caf85838ae97

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 134KB - Virtual size: 133KB

.data Size: 6KB - Virtual size: 1.3MB

.rsrc Size: 161KB - Virtual size: 160KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 134KB - Virtual size: 133KB

.data
Size: 6KB - Virtual size: 1.3MB

.rsrc
Size: 161KB - Virtual size: 160KB

.reloc
Size: 10KB - Virtual size: 10KB