db00d1061a8b3aab60fc407cd304ab06[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db00d1061a8b3aab60fc407cd304ab06.bin
Size

194KB
MD5

460878a5c8240bc534e410c82bd00ba5
SHA1

92f75bb3e05af770da5aaf9ce604d15b94dbe94b
SHA256

0478ab022c4edb67a326e89439d5dcd28f795afda6bc42282db1d64df483e17f
SHA512

db4c10457ec489f7e54b7bcc605fffb2f7a7ad7513cabae03268e6be74610904e955348ae4510d0134b986c743a6c3ab5e6e5ec5cb3a5040d6ec3e26829a1ba1
SSDEEP

6144:fZlQYNBf6GkM+W+7jDl+Ab6UBzLiAuahtX1:lH6u+WSBb6URi4tX1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ad0bb5631f262607117452aee44ba2dd9d74a9c414a849212f05ce62e7af0766.dll

Files

db00d1061a8b3aab60fc407cd304ab06.bin
.zip

Password: infected
ad0bb5631f262607117452aee44ba2dd9d74a9c414a849212f05ce62e7af0766.dll
.dll windows x86

Password: infected

63bc622ddbb364868c646ebb5f982ffe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
LocalAlloc
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

Exports

Exports

Compress
CreateCompression
CreateDecompression
DeInitCompression
DeInitDecompression
Decompress
DestroyCompression
DestroyDecompression
InitCompression
InitDecompression
ResetCompression
ResetDecompression

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ