file[.]bin | Triage

Sharing

General

Target

file.bin
Size

855KB
MD5

80528527df5b3bd11fabbc72dc9716d5
SHA1

06f2a003faa1b9137081e45c73f4be5965985c16
SHA256

574cc6f3726ab64b24fef1f70f253f2baca230fd190e15ef996fd75cdf705d46
SHA512

cb99504eb688f766329ccad8a3ae3b2e5c41b1a775c24812b3c5402f7cc8ede969adfc2ac6fc5b538775a6ff882cee3bb4791e660a555b8f20bfcf381620211f
SSDEEP

12288:/xZuHO3MEug1escxysaxiSQfHx4j6gmQPnMRo0XzZjnXh4SzxxWi7+m51:KHOtujby1kRsYQPnuRZT7+m51

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file.bin

Files

file.bin
.dll windows:6 windows x86

d7637d01603047c46356b8ae53adf518

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
CreateFileA
CloseHandle
GetLastError
ConvertThreadToFiber
SwitchToFiber
CreateActCtxA
ActivateActCtx
DeactivateActCtx
FindFirstFileA
FindNextFileA
GetSystemDirectoryA
SetCurrentDirectoryA
ReadFile
SetFilePointer
ReleaseActCtx
SetFileTime
VirtualAlloc
DeviceIoControl
GetLocalTime

Exports

Exports

GPa606j
HUF_inc_var
Tsw3286E

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 531KB - Virtual size: 531KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ