TR[.]bin | Triage

Sharing

General

Target

TR.bin
Size

34KB
MD5

5ebcfed001c94937be9cc591da52c791
SHA1

c23efbf940ed5151423a104ce6cfc38978df4d39
SHA256

bcd559f3c8a3c9b8887e1e2a8935fc373e17874729587f3a87fae4044ce23001
SHA512

27c113311e3228c868632ed7903daee66600b100ef680919be90dbe767b83dae3eef2bfa0da3992651c8c1f50a4853cc65990f0901cdf119f9961cea70602761
SSDEEP

384:SPYgoVFCScn27DjrKwTb4oCiyNUr2NEfHjvSzxXuqOrq6n657WXPbNhtB/df:sYZVFCbn27DjrH/4HRmMx+667XTN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TR.bin

Files

TR.bin
.exe windows x86

Password: infected

1b075ea841673b07c60264fe622008da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

shlwapi

wnsprintfW
wnsprintfA
StrStrW

shell32

SHEmptyRecycleBinA

mpr

WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW

kernel32

ExitProcess
GetLogicalDriveStringsW
GetModuleHandleA
GetUserDefaultLangID
lstrlenW
GetCurrentProcess
GetProcAddress
LoadLibraryA
MoveFileW
lstrcmpW
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
ReadFile
WriteFile
Sleep
InterlockedExchangeAdd
SetFilePointerEx
lstrlenA
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
QueueUserWorkItem
CloseHandle
lstrcpyW

user32

GetKeyboardLayoutList
CharLowerW

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
VariantInit

msvcrt

memcpy

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ