b2bfab36a886a8e2a91101629f04b542[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

b2bfab36a886a8e2a91101629f04b542.bin
Size

123KB
MD5

af6e69795442e6b9c9b961c195dd0268
SHA1

37b22ebcdf7d9438e8d51171b5a52c8480a900f2
SHA256

0da061590e0acf54ce7aace2298773d861e53079ae5f4a64e6614f6c480704b2
SHA512

10238857018b95e02d0e2db97632391daa157741a19716ecfc5bd85e9164cc8da208f2990d20c0b89e62dff597f8dd36cddb5f486b3e863cec574d4b35d4b13b
SSDEEP

3072:F/Gmo8r6XW9i6LICTDDOY+CfuvN1tsV9ulYp:FI501LmYrDV9uSp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e6eb582263483a2124bcbc449fad044973c034337bb832ed2991ca2d9685e15c.exe

Files

b2bfab36a886a8e2a91101629f04b542.bin
.zip

Password: infected
e6eb582263483a2124bcbc449fad044973c034337bb832ed2991ca2d9685e15c.exe
.exe windows x86

Password: infected

8c0d97e36730a503ca32cb239693e246

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetProcAddress
DecodePointer
EncodePointer
WriteConsoleW
SetEndOfFile
GetFileSizeEx
HeapReAlloc
HeapSize
GetConsoleCP
FlushFileBuffers
CloseHandle
CreateFileW
SetConsoleCtrlHandler
GetProcessHeap
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ReadFile
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetFileType
GetCurrentThread
OutputDebugStringW
RaiseException

odbc32

ord2
ord56
ord70
ord8
ord254
ord17
ord266
ord72
ord276

mpr

MultinetGetConnectionPerformanceW
WNetGetNetworkInformationA
WNetGetUserW
WNetGetUniversalNameW
WNetCancelConnection2W

wsock32

ord1113
WSAAsyncGetProtoByName
ord1115
recvfrom
ord1112
WSACancelBlockingCall
ioctlsocket
getservbyport

rtm

RtmGetNextRoute
RtmDeleteRoute
RtmIsRoute
RtmAddRoute
RtmGetNetworkCount
RtmDeregisterClient

mscms

SetColorProfileHeader
AssociateColorProfileWithDeviceW
CloseColorProfile
CheckBitmapBits

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

8c0d97e36730a503ca32cb239693e246

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

odbc32

mpr

wsock32

rtm

mscms

Sections

.text Size: 213KB - Virtual size: 213KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 7KB

.gfids Size: 512B - Virtual size: 360B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 213KB - Virtual size: 213KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 7KB

.gfids
Size: 512B - Virtual size: 360B

.rsrc
Size: 512B - Virtual size: 480B