4f744666d2a2dc95419208c61e42f163[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4f744666d2a2dc95419208c61e42f163.bin
Size

1KB
MD5

4c3f43dcf8406ddd97ec49160b51f36f
SHA1

f1c7def40b0b5675349cea1cca75f93f213abbf2
SHA256

969286e3ab823ddf1da88ab286a14ccdb03598e242a1d9a697b5c6a97b63a608
SHA512

4d13a733f0d9ef2783e532e7900905df5a5f54e3e6153009865e9267e277d9e8ac6596f0e27538cfb83798e1ee3c5f9abe2232570780b242aa8bffcccc5a6319

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4da57027ffe7e32c891334d6834923bc17e4174c53ace4ff69de6410c24d84cb.exe

Files

4f744666d2a2dc95419208c61e42f163.bin
.zip

Password: infected
4da57027ffe7e32c891334d6834923bc17e4174c53ace4ff69de6410c24d84cb.exe
.dll windows x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

APIExportForDetours
CurrentThreadIsVirtualized
IsProcessHooked
RequestUnhookedFunctionList
VirtualizeCurrentProcess
VirtualizeCurrentThread

Sections

.text
Size: 512B - Virtual size: 19B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ