f5830dc3fe80761eb82a0754b1697e6b[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

f5830dc3fe80761eb82a0754b1697e6b.bin
Size

139KB
MD5

63970c8068e7c46796db518e9eb56ad1
SHA1

392cd95e9a26cf77f24d1efd2e7751016050ddfd
SHA256

433da5edf5e6ec56e9c19b942c086171a2d41091ffe7e3bc6f98a52731a7f0e0
SHA512

a8483c4a50f0986b2e210aab30b095b45d31d7c3f3965cbe6205d22b57ac54965906ea3bad7c50d033270254be2d71a17ade87c237241d4dc9ea9c435c779b7b
SSDEEP

3072:rTzI7IaEbX+ADww0tpFACuu6SRZQNBw7U+GsAoEssXyJCE:zI7rxw0tp2CYSMBw7U+GSEsoyH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ddce7321ecf07394badc64ef8b5fc6000b56c517f7ed6dc1506e4c6c8b4b29a6.exe

Files

f5830dc3fe80761eb82a0754b1697e6b.bin
.zip

Password: infected
ddce7321ecf07394badc64ef8b5fc6000b56c517f7ed6dc1506e4c6c8b4b29a6.exe
.exe windows:5 windows x86

Password: infected

775c7d434cffd499e537a34db4132a29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
WriteConsoleInputW
GetConsoleAliasesLengthW
GetConsoleAliasExesA
FindResourceW
ReadConsoleA
GetNamedPipeHandleStateA
GetModuleHandleExW
GetComputerNameW
FreeEnvironmentStringsA
FindNextVolumeMountPointA
EnumTimeFormatsW
GetCommandLineA
GetDriveTypeA
GetEnvironmentStrings
FindResourceExA
GetConsoleCP
LoadLibraryW
GetLocaleInfoW
SetConsoleCP
DeleteVolumeMountPointW
InterlockedPopEntrySList
GetFileAttributesA
HeapQueryInformation
SetSystemPowerState
GetCompressedFileSizeA
MultiByteToWideChar
GetVolumePathNameA
GetStartupInfoW
DisconnectNamedPipe
GetTempFileNameW
GetShortPathNameA
GetConsoleAliasesW
GetLastError
SetLastError
PeekConsoleInputW
MoveFileW
EnumSystemCodePagesW
SetComputerNameA
LoadLibraryA
LocalAlloc
SetCalendarInfoW
CreateHardLinkW
AddAtomW
RemoveDirectoryW
OpenJobObjectW
FindAtomA
GetTapeParameters
GetModuleHandleA
FindNextFileW
GetStringTypeW
VirtualProtect
PurgeComm
QueryPerformanceFrequency
FindFirstVolumeA
GetWindowsDirectoryW
GetCurrentProcessId
AddConsoleAliasA
ReadConsoleOutputCharacterW
SwitchToThread
GetCommandLineW
FlushFileBuffers
GetVolumeNameForVolumeMountPointA
WideCharToMultiByte
HeapFree
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
DeleteFileA
HeapReAlloc
HeapSetInformation
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapAlloc
IsProcessorFeaturePresent
HeapCreate
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringW
Sleep
SetStdHandle
GetConsoleMode
RtlUnwind
HeapSize
WriteConsoleW
ReadFile
CloseHandle
CreateFileW

user32

CharUpperBuffA
CharUpperA

gdi32

GetCharWidthA
GetKerningPairsA

Sections

.text
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 30.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

775c7d434cffd499e537a34db4132a29

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 233KB - Virtual size: 233KB

.data Size: 15KB - Virtual size: 30.3MB

.rsrc Size: 46KB - Virtual size: 45KB

.text
Size: 233KB - Virtual size: 233KB

.data
Size: 15KB - Virtual size: 30.3MB

.rsrc
Size: 46KB - Virtual size: 45KB