beacon[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

beacon.zip
Size

64KB
MD5

6af8374c2df7dfa7884390bc9c7bcf6b
SHA1

ccc8b82d77e202efa2b2823b152902878256f118
SHA256

0e0ef789daf51f318ac7aa6c253f8048b3ff1086ed980f81e91ee16d70147946
SHA512

434d63530779961b756bb3d9479ca7f6b8a43a090d50a51a01b21fdcfe9481660e9e4357718665a1b0488c1fc5beafca0858a3bed1602049caf077b494f3a4c0
SSDEEP

1536:vqjdYvQj6Vo0rPnGSJ5nSOhlPj+8A4wd3ZfdueJckl3m9ToEH18nf6:ipexVo0rGm5nSOLK62ZfdJJCT7VS6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/jxe6b2d7bce047ec022.exe

Files

beacon.zip
.zip
beacon.bat
jxe6b2d7bce047ec022.exe
.exe windows x86

caad7bfbaac173177de7beabb7c35c11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
DecodePointer
DeleteCriticalSection
SetEnvironmentVariableA
GlobalAlloc
IsDebuggerPresent
GetComputerNameA
WriteConsoleW
CreateFileW
ReadConsoleW
GetLastError
GetCommandLineA
FindClose
InitializeCriticalSectionEx
FindNextFileA
FindFirstFileA
GetCurrentProcessId
MoveFileA
ReadFile
FlushFileBuffers
GetStringTypeW
SetStdHandle
GetFileType
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCPInfo
GetOEMCP
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
HeapFree
CloseHandle
HeapAlloc
MultiByteToWideChar
LCMapStringW
MoveFileExW
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
SetEndOfFile

advapi32

GetUserNameA
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptReleaseContext
CryptAcquireContextA

shell32

ShellExecuteA

wininet

HttpQueryInfoA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile
InternetOpenA
HttpOpenRequestA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

caad7bfbaac173177de7beabb7c35c11

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

wininet

version

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB