855bbd368c56cab24be6bf86219d36b6[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

855bbd368c56cab24be6bf86219d36b6.bin
Size

344KB
MD5

7ad45c6b0e505680a50bc42800896516
SHA1

cdffb673954a429d0e8f6cdb6ba3e1799a4c024d
SHA256

3032534cf539e723da713b80ab24acccf64a5686b755f914361d4ddabbc0fa03
SHA512

2b301ddad04757029c2c7e4e1a4a6b98b76ed746f1fa7a2986b514195e51150d53da264ad9cc8f1ebad47c495bda19ad68103a8e3972a2206a3aeabbb8284e7e
SSDEEP

6144:xL/o3nztwpr80yjfKvvANm7IYeaClflqkBxialON1jSsKukBLKtpMLXk1k+NhWDU:ZojtqwrevjIYeaClrjslNKukBLKtGAkw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a29cc91ce58a0f90b627584126f2f5ca6501222aeb3b893e9456be321b5e7afd.bin

Files

855bbd368c56cab24be6bf86219d36b6.bin
.zip

Password: infected
a29cc91ce58a0f90b627584126f2f5ca6501222aeb3b893e9456be321b5e7afd.bin
.exe windows x86

Password: infected

8ee8156b23aa2d1eebdc53a2bd0ca781

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetComputerNameExA
FindResourceW
BuildCommDCBAndTimeoutsA
InterlockedDecrement
GetCurrentProcess
InterlockedCompareExchange
WriteConsoleInputA
AddConsoleAliasW
CreateHardLinkA
GetConsoleAliasesLengthA
GetConsoleTitleA
GetDateFormatA
LoadLibraryW
GetSystemWindowsDirectoryA
GetFileAttributesW
GetACP
GetShortPathNameA
FindFirstFileA
GetLastError
InterlockedFlushSList
PeekNamedPipe
ReadConsoleOutputCharacterA
GetProcAddress
VirtualAlloc
VirtualAllocEx
SetFileApisToOEM
LoadLibraryA
SetFileApisToANSI
FindAtomA
EnumResourceTypesW
GetModuleHandleA
FreeEnvironmentStringsW
FileTimeToLocalFileTime
FindFirstVolumeW
CloseHandle
WriteConsoleW
GetConsoleOutputCP
SetFilePointer
CreateFileA
FindFirstChangeNotificationW
UnregisterWait
SetLastError
EnumResourceNamesW
WriteConsoleA
WideCharToMultiByte
InterlockedIncrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetCPInfo
RtlUnwind
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
HeapSize
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoW

user32

ChangeMenuW
GetMessageExtraInfo
LoadMenuW
CharToOemBuffW

gdi32

GetCharacterPlacementA
GetPolyFillMode

advapi32

ReadEventLogW
ReportEventW

ole32

CoGetPSClsid

Sections

.text
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 31.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

8ee8156b23aa2d1eebdc53a2bd0ca781

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 330KB - Virtual size: 329KB

.data Size: 7KB - Virtual size: 31.9MB

.rsrc Size: 158KB - Virtual size: 157KB

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 330KB - Virtual size: 329KB

.data
Size: 7KB - Virtual size: 31.9MB

.rsrc
Size: 158KB - Virtual size: 157KB

.reloc
Size: 42KB - Virtual size: 41KB