9cfdf68ecc493c042aa113149fe19460[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

9cfdf68ecc493c042aa113149fe19460.bin
Size

126KB
MD5

4f639b342d2e723ab64d24e38e3ab1b4
SHA1

c2488519b1d0e676b6a10cc90f69e74c33a210e8
SHA256

07f7a12dcc8649f5119c34da6786e71ec18e243dfbcf70577db5c23362b72e1b
SHA512

23d6353e9d333836ebb8e58c56e1482c87dfe367e8e4a04eed212c70507af68c9d1e0fc54e7eec7ef592fecb3adbfe541c2deee37fcef83ae229a4eec563c389
SSDEEP

3072:r/sklKRUx7skp6YzTwPNVBzbzvLJ3RAE3As3TbwBril02HiyM:4kAUx7jp9UzZvd3RAE3AYforilxHpM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b8d512610678f0cf5cc94deeafaa6276549cdac6db64208cb7e1aca52441fb34.exe

Files

9cfdf68ecc493c042aa113149fe19460.bin
.zip

Password: infected
b8d512610678f0cf5cc94deeafaa6276549cdac6db64208cb7e1aca52441fb34.exe
.exe windows x86

Password: infected

189fcb3cc81a9771ead68c0464a642d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetInformationJobObject
GetConsoleAliasExesA
MoveFileExA
AllocConsole
_llseek
lstrcpynA
BuildCommDCBAndTimeoutsA
DeleteVolumeMountPointA
InterlockedIncrement
ReadConsoleA
InterlockedDecrement
GetNamedPipeHandleStateA
HeapFree
GetProfileStringW
BackupSeek
_lclose
GetModuleHandleW
GetConsoleAliasesLengthA
GetNumberFormatA
GetWindowsDirectoryA
GetCompressedFileSizeW
WaitNamedPipeW
GetUserDefaultLangID
InitializeCriticalSection
GlobalAlloc
LoadLibraryW
FatalAppExitW
ReadConsoleInputA
GetConsoleAliasExesLengthW
GetVersionExW
GetStringTypeExW
LocalReAlloc
GetOverlappedResult
GetVolumePathNameA
lstrlenW
GetPrivateProfileSectionNamesW
EnumSystemLocalesA
GetPrivateProfileIntW
GetLastError
GetCurrentDirectoryW
SetLastError
GetProcAddress
MoveFileW
OpenWaitableTimerA
CreateSemaphoreW
SetCalendarInfoW
GetFileType
MoveFileA
AddAtomW
RemoveDirectoryW
FoldStringW
FindNextFileA
FindFirstVolumeMountPointA
_lread
GetModuleHandleA
FreeEnvironmentStringsW
GetCurrentDirectoryA
EnumDateFormatsW
PeekConsoleInputA
GetShortPathNameW
SetFileShortNameA
ReadConsoleInputW
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
GetConsoleProcessList
ReadConsoleOutputCharacterW
lstrcpyA
FlushFileBuffers
CloseHandle
CreateFileW
GetShortPathNameA
GetCommandLineW
Sleep
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
WideCharToMultiByte
HeapAlloc
MultiByteToWideChar
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSize
RaiseException
GetModuleFileNameA
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
IsProcessorFeaturePresent
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringW
SetStdHandle
WriteConsoleW
DeleteFileA

user32

CharUpperW
CharUpperBuffW

gdi32

GetCharWidthFloatA

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 39.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

189fcb3cc81a9771ead68c0464a642d8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 153KB - Virtual size: 152KB

.data Size: 77KB - Virtual size: 39.1MB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 153KB - Virtual size: 152KB

.data
Size: 77KB - Virtual size: 39.1MB

.rsrc
Size: 18KB - Virtual size: 18KB