6d3834c2958604a2436f2a6e50ae4a3a[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

6d3834c2958604a2436f2a6e50ae4a3a.bin
Size

139KB
MD5

a39fb8d6ce3327e4cb08348c00dce7ea
SHA1

454f7820634e8420f8dc4946b2cf91340c78b658
SHA256

891b1e00f63f515d722c09e6cfee73b250f9790bb599c4d600bf7a17f456f88c
SHA512

5bc609da74d12f5b36807df535ce3d7ab275f04487080c8c692072b73e392f8a27d2c110e5f5766e02d36eb37b5a39c173faa1392060e6693d7b28596198ee78
SSDEEP

3072:pyhNtplbxAy74BriytN9Hn2eoGOx6MuM03EqDRRaqWL7BW1nS4rxcW1b:pGNzFxAC4pT90GrNM0V1a8n5xV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/063930ca4af89dcbaa0cd81d3c7a909358ca52842d421df5c73cc49fb8e6c5e1.exe

Files

6d3834c2958604a2436f2a6e50ae4a3a.bin
.zip

Password: infected
063930ca4af89dcbaa0cd81d3c7a909358ca52842d421df5c73cc49fb8e6c5e1.exe
.exe windows x86

Password: infected

c162655c06b130468cfab3905d6d22e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLocaleInfoA
EnumCalendarInfoA
GetConsoleAliasesLengthW
GetConsoleAliasExesA
GetDriveTypeW
FindResourceW
MoveFileExW
SetDefaultCommConfigW
CreateJobObjectW
GetNamedPipeHandleStateA
WriteConsoleInputA
GetTimeFormatA
SetCommBreak
GetSystemDefaultLCID
FreeEnvironmentStringsA
ReadConsoleW
GetCompressedFileSizeW
EnumTimeFormatsW
GetEnvironmentStrings
GetConsoleCP
GlobalAlloc
LoadLibraryW
SetCommConfig
TerminateThread
GetLocaleInfoW
FatalAppExitW
IsBadCodePtr
DeleteVolumeMountPointW
TransactNamedPipe
EnumSystemCodePagesA
LocalReAlloc
CompareStringW
GetStartupInfoW
SetProcessAffinityMask
DisconnectNamedPipe
GetShortPathNameA
GetPrivateProfileIntW
SetCurrentDirectoryA
FindFirstFileA
GetLastError
ChangeTimerQueueTimer
SetLastError
GetThreadLocale
CopyFileA
LocalAlloc
MoveFileA
RemoveDirectoryW
SetFileApisToANSI
GetOEMCP
FindNextFileA
GetModuleHandleA
GetProcessAffinityMask
FatalExit
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
PeekConsoleInputA
GetShortPathNameW
FindFirstVolumeA
TerminateJobObject
FindAtomW
GetWindowsDirectoryW
AddConsoleAliasA
DebugBreak
OpenFileMappingA
EnumSystemLocalesW
RaiseException
GetTempFileNameW
GetComputerNameA
CreateMailslotW
GetCommandLineW
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
DeleteFileA
HeapReAlloc
HeapSetInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetModuleFileNameW
HeapFree
HeapCreate
HeapAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
SetStdHandle
WideCharToMultiByte
GetConsoleMode
FlushFileBuffers
RtlUnwind
GetCPInfo
GetACP
IsValidCodePage
MultiByteToWideChar
HeapSize
IsProcessorFeaturePresent
WriteConsoleW
LCMapStringW
GetStringTypeW
ReadFile
CloseHandle
CreateFileW

user32

CharUpperA

gdi32

GetBoundsRect
GetTextFaceW
SetBkColor

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

c162655c06b130468cfab3905d6d22e3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 232KB - Virtual size: 232KB

.data Size: 17KB - Virtual size: 2.8MB

.rsrc Size: 44KB - Virtual size: 43KB

.text
Size: 232KB - Virtual size: 232KB

.data
Size: 17KB - Virtual size: 2.8MB

.rsrc
Size: 44KB - Virtual size: 43KB