8d18fea5750aede09464bbbd7c0df6a6[.]bin | Triage

Sharing

General

Target

8d18fea5750aede09464bbbd7c0df6a6.bin
Size

814KB
MD5

5d752789989b3f39b27de52fec19ebad
SHA1

46c801cb6567ada241d98ad9d6dabf535a1f88c0
SHA256

1dc94def4961bb0588f4215d20fed2c50e72311139642d977f0c099ed7155d18
SHA512

268fa0f969ea810fa2812cee32b55cfb47bf0e07caa55691b01906e6bde5e1e02bd03c31708718d2db7dadafbf01a1add2d11306e72f402ea69ca827b409a31a
SSDEEP

24576:3+P9neQvUKgqav6U49m5km9srPTFM1w8/:Oh7MKgqs1yPGuRMGs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d72af640b71b8e3eca3eba660dd7c7f029ff8852bcacaa379e7b6c57cf4d9b44.dll

Files

8d18fea5750aede09464bbbd7c0df6a6.bin
.zip

Password: infected
d72af640b71b8e3eca3eba660dd7c7f029ff8852bcacaa379e7b6c57cf4d9b44.dll
.dll windows:6 windows x86

Password: infected

d7637d01603047c46356b8ae53adf518

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
CreateFileA
CloseHandle
GetLastError
ConvertThreadToFiber
SwitchToFiber
CreateActCtxA
ActivateActCtx
DeactivateActCtx
FindFirstFileA
FindNextFileA
GetSystemDirectoryA
SetCurrentDirectoryA
ReadFile
SetFilePointer
ReleaseActCtx
SetFileTime
VirtualAlloc
DeviceIoControl
GetLocalTime

Exports

Exports

GPa606j
HUF_inc_var
Tsw3286E

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 531KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ