de72c199dc541cad63cf3b9b10ce0872[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

de72c199dc541cad63cf3b9b10ce0872.bin
Size

137KB
MD5

7beaf16dd90262d7d4f10238ae6b12da
SHA1

726db8d6c4ce2c8edb01eef6d5954a5c8108e4a5
SHA256

572352f09c7cfc884c9fa3f92b67e6620f154cafc9917a64ff1f3d6f77b5bc21
SHA512

28a90d78958399639d3273fa034a0872e495a8be0277eda0de5976808ecffbd7cec91bcf1cb827c1cb60574fd4ace4a68fe394daad0653142f2801baad6868eb
SSDEEP

3072:ofRiPtl+xIOu+QbFmF37DNuVu2rCNmzKlFh7Rr6xZ:KRjxIHhqr5uVuHW+r6xZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ae9615ef2cde98c623153a01730c9b43bc2483d515c07cad75a53b96a7877d63.exe

Files

de72c199dc541cad63cf3b9b10ce0872.bin
.zip

Password: infected
ae9615ef2cde98c623153a01730c9b43bc2483d515c07cad75a53b96a7877d63.exe
.exe windows x86

Password: infected

7f0775ef2eb7ace0c39946c510e73424

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDateFormatW
CreateFileA
GlobalDeleteAtom
SetThreadContext
WriteConsoleInputW
SetFilePointer
PeekNamedPipe
SetConsoleTextAttribute
OpenJobObjectA
GetLogicalDriveStringsW
InterlockedCompareExchange
OpenSemaphoreA
CreateHardLinkA
GetTickCount
FormatMessageA
LoadLibraryW
FindNextVolumeW
GetFileAttributesW
FileTimeToSystemTime
GetGeoInfoA
IsDBCSLeadByte
GetModuleFileNameW
GlobalUnlock
GetShortPathNameA
GetLastError
BackupRead
GetProcAddress
VirtualAlloc
BeginUpdateResourceW
GetTempFileNameA
LoadLibraryA
FoldStringA
FindNextFileA
GetThreadPriority
FindFirstChangeNotificationA
FreeEnvironmentStringsW
EnumResourceNamesA
FindFirstVolumeA
GetConsoleProcessList
ReadConsoleOutputCharacterW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
CloseHandle
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
SetEndOfFile

user32

GetMessageExtraInfo
ChangeMenuA
LoadMenuA
GetClassInfoExW
DdeQueryStringA
CharToOemBuffA

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 711KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

7f0775ef2eb7ace0c39946c510e73424

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 150KB - Virtual size: 149KB

.data Size: 12KB - Virtual size: 711KB

.rsrc Size: 33KB - Virtual size: 1.3MB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 150KB - Virtual size: 149KB

.data
Size: 12KB - Virtual size: 711KB

.rsrc
Size: 33KB - Virtual size: 1.3MB

.reloc
Size: 9KB - Virtual size: 9KB