b315238fea583211a25a8afff1794557[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b315238fea583211a25a8afff1794557.bin
Size

3.8MB
MD5

585ea3d39258267c12d70f3f7d6c5a47
SHA1

a0a1cb1cbeb02ba24fc885b172962cefa64e80a9
SHA256

a89f8ad0c7b7eecf9b99f892d23353a1e58b27c9328ef119e41dd0a21f06209a
SHA512

24c3de918bf14332d1a0ad42448ca66f9a525b6b9ee2018896098f5f8e695105c1b4593bf59e721c645c8001bb5dee9fdec46ed8af480f0dfe39fbdff10e7b80
SSDEEP

98304:8Q72CCD0r3AliYnLwVYtO4U8DOTDVQjediBzUFI:WCCDBl9nL5tOx8DWDVOe6H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/20283e9b8b36e8251ab558fcb2df66cbe54dc36a7ded7a3dd33425eaab2a2222.exe

Files

b315238fea583211a25a8afff1794557.bin
.zip

Password: infected
20283e9b8b36e8251ab558fcb2df66cbe54dc36a7ded7a3dd33425eaab2a2222.exe
.exe windows:4 windows x86

32c5de998b5f069b26c94c8143b13c06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

kernel32

GetModuleFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 741KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ