213d5798c8c6bb8fab66b348e0175e65[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

213d5798c8c6bb8fab66b348e0175e65.bin
Size

140KB
MD5

886f182611b61e325a3c3d3283f4f9ab
SHA1

71691ccd3dae90d2095799d326d920d134f76c2d
SHA256

c5aa3a7b686254dd74b2268050fb3873cec987e3efcae910f3d20cf54de3785b
SHA512

3d9cbfe841943f3b7b52561b07e8dc856a2382754aeb5fd462fa73848ec54f05e810f191b0be80059b96017f4dc356021242140ffb404a11f62039a2402adada
SSDEEP

3072:AqHiUj4XTAKjRpfuZnLDf7H1ZZS7znTNNe9ayiQ:ASOTAdZHfLcPpNSay5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/97d844ff52da40be55f368ee5db3ff2fb0e925f2df6a877e56b8269326aeab53.exe

Files

213d5798c8c6bb8fab66b348e0175e65.bin
.zip

Password: infected
97d844ff52da40be55f368ee5db3ff2fb0e925f2df6a877e56b8269326aeab53.exe
.exe windows:5 windows x86

Password: infected

6d1ef2766ad947ed03bd197f051e8eed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EndUpdateResourceW
SetConsoleTextAttribute
OpenJobObjectA
InterlockedCompareExchange
AddConsoleAliasW
CreateHardLinkA
GetTickCount
VirtualFree
GenerateConsoleCtrlEvent
GetNumberFormatA
ReadConsoleW
GetWindowsDirectoryA
GetDateFormatA
GetVolumeInformationA
GlobalFindAtomA
SizeofResource
SetVolumeMountPointA
TransactNamedPipe
CreateSemaphoreA
GetFileAttributesW
SetSystemPowerState
WritePrivateProfileSectionW
FileTimeToSystemTime
GetLastError
GetCPInfo
VirtualAlloc
SetVolumeLabelW
LoadLibraryA
OpenWaitableTimerW
GetFileType
RemoveDirectoryW
BeginUpdateResourceA
GetCommMask
AddAtomA
FoldStringA
FindNextFileA
FreeEnvironmentStringsW
ReadConsoleInputW
GetWindowsDirectoryW
ReadConsoleOutputCharacterW
OpenFileMappingA
FindNextVolumeA
TlsFree
CreateFileA
CloseHandle
WriteConsoleW
GetConsoleOutputCP
DebugActiveProcess
EnumResourceNamesW
GetProcAddress
WriteConsoleA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
HeapAlloc
TlsGetValue
TlsAlloc
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
MultiByteToWideChar
ReadFile
SetHandleCount
DeleteCriticalSection
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

GetMessagePos
ChangeDisplaySettingsW
CreateWindowStationW
GetWindowTextLengthA
LoadMenuW
CharToOemBuffW

gdi32

GetCharacterPlacementA

advapi32

InitiateSystemShutdownW

ole32

CoMarshalHresult

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

6d1ef2766ad947ed03bd197f051e8eed

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 147KB - Virtual size: 146KB

.data Size: 7KB - Virtual size: 51KB

.rsrc Size: 31KB - Virtual size: 2.0MB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 147KB - Virtual size: 146KB

.data
Size: 7KB - Virtual size: 51KB

.rsrc
Size: 31KB - Virtual size: 2.0MB

.reloc
Size: 5KB - Virtual size: 4KB