stage2_payload[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

stage2_payload.bin
Size

101KB
MD5

185de5c888cb6d9b3b445283f771dc0f
SHA1

677662e0ab021290342380f62b1821596933bb62
SHA256

725c345378b23ea61e130597021b2e89382539fcd1f2955ab390bc8ba942c56e
SHA512

73a1c9563e411855ba650612ef43d110401240806765ffb85a90a27b751249df4c731c059fe30f6cd8f53ed5892b905c8e31410d1b971c503ce243f712118359
SSDEEP

1536:++LDkDXWg1IIfbMny0eDEgU5ZOw9mbNFG7x6pt9Dvdp8R+jHb546+qUlE4SJrIaO:zLu1xMy0117esKhpV46+8raY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
stage2_payload.bin

Files

stage2_payload.bin
.exe windows x86

cd99bce8ebad6bc5866d19d9d387c282

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strcat
memcpy
malloc
realloc
strtok_s
atexit
memset
memcmp

kernel32

VirtualFree

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ