8158e732ec628c2d681a6896583b3b3a[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

8158e732ec628c2d681a6896583b3b3a.bin
Size

148KB
MD5

c4cebff77a2e70cb9693e5eb50884e61
SHA1

942dbb2a1a1fb7b79a9eed91772815923a5a239b
SHA256

26e498702c3c572e98e77de699e527e67c0e2de59fd113a12a48f3704cf76df5
SHA512

d30d578b09c1c94e1508f3a852d660f4a4ebbf313695cd11d5eb8b7ac785f5050a64ecc4cdfe2c4673e7c4054558c7e3b142c491dbd0edf50418bf23a6d00c5d
SSDEEP

3072:I54ebmPnyGCI7MEOjaYVKC9sNZOGQHJZiuFXTAP/Rl:3PnbCI7MESVKC9aOGQpZtlshl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ec5b67d263ca1afc21d4a28bf5fadfc0697c531c23c5993a114ac24608628f87.exe

Files

8158e732ec628c2d681a6896583b3b3a.bin
.zip

Password: infected
ec5b67d263ca1afc21d4a28bf5fadfc0697c531c23c5993a114ac24608628f87.exe
.exe windows x86

Password: infected

dd524e0314968bf576181253b87644dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalMemoryStatus
FindFirstFileW
WriteConsoleInputW
SetFilePointer
DebugActiveProcessStop
LoadResource
ClearCommError
InterlockedDecrement
GetCurrentProcess
SetEnvironmentVariableW
InterlockedCompareExchange
FreeEnvironmentStringsA
GetModuleHandleW
GetConsoleAliasesA
ReadConsoleW
GetDateFormatA
LoadLibraryW
ReadConsoleInputA
GetSystemWindowsDirectoryA
GetConsoleAliasExesLengthW
GetVersionExW
CreateFileW
GetVolumePathNameA
InterlockedExchange
GetLastError
GetProcAddress
VirtualAlloc
LocalLock
CopyFileA
GetConsoleDisplayMode
VirtualAllocEx
LoadModule
CreateHardLinkW
SetConsoleCtrlHandler
ContinueDebugEvent
FatalExit
FindNextFileW
DeleteAtom
GetTempPathA
AreFileApisANSI
CloseHandle
CreateFileA
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapAlloc
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetStdHandle
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetModuleHandleA
HeapSize

user32

FlashWindowEx
CharUpperBuffA
LoadMenuW
CharLowerBuffA
OemToCharW

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

dd524e0314968bf576181253b87644dd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 161KB - Virtual size: 160KB

.data Size: 18KB - Virtual size: 20.5MB

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 39KB - Virtual size: 38KB

.text
Size: 161KB - Virtual size: 160KB

.data
Size: 18KB - Virtual size: 20.5MB

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 39KB - Virtual size: 38KB