36ddbb67babd960428783c926e9eb4e8[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

36ddbb67babd960428783c926e9eb4e8.bin
Size

144KB
MD5

1f45f909e85a39b7e16a7b2a5da856a9
SHA1

97f6c2235d5fbf0e9f0b10a0437bdce2f52cb890
SHA256

7e397780365c08d382d9ef8f4fc3f722cedfbd5c653480567d633f2f73ee2bb9
SHA512

16526fec18a4a67f4c59e1426cea4f09c63279ef79916a2d628e388f4cffd3658467a13037057a2ae81b33b312979309fcd7e74f360374e410cf1fa17c0e93ec
SSDEEP

3072:Y7j8eq9v/vM+omf2ayr1iBXorx4qMH0n59pnP130vyJz/kCeE:Ig9vMRay5CYrmqMW5jPxaCrkBE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2e6a082a870132c3c47e698398dd6fd3d7941d13737f00af1f70b730ef50ad2a.exe

Files

36ddbb67babd960428783c926e9eb4e8.bin
.zip

Password: infected
2e6a082a870132c3c47e698398dd6fd3d7941d13737f00af1f70b730ef50ad2a.exe
.exe windows:5 windows x86

2d6b4f4a9e62e7d851c0b57974ea64af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumCalendarInfoW
ReadConsoleA
GetCurrentProcess
SetDefaultCommConfigW
GetEnvironmentStringsW
GetModuleHandleExW
GetComputerNameW
SetCommBreak
CreateHardLinkA
GetSystemDefaultLCID
FreeEnvironmentStringsA
GetConsoleAliasesA
ReadConsoleW
GetConsoleAliasExesW
EnumTimeFormatsW
GetCommandLineA
TzSpecificLocalTimeToSystemTime
GlobalAlloc
LoadLibraryW
SetCommConfig
GetLocaleInfoW
InterlockedPopEntrySList
TransactNamedPipe
EnumSystemCodePagesA
HeapQueryInformation
GetCompressedFileSizeA
MultiByteToWideChar
GetStartupInfoW
DisconnectNamedPipe
DeleteVolumeMountPointA
GetNamedPipeHandleStateW
GetLastError
GetCurrentDirectoryW
ChangeTimerQueueTimer
SetLastError
GetTempFileNameA
LocalAlloc
GetFileType
MoveFileA
RemoveDirectoryW
FindAtomA
FindNextFileA
GetModuleHandleA
SetLocaleInfoW
FatalExit
RequestDeviceWakeup
CreateMailslotA
GetStringTypeW
VirtualProtect
QueryPerformanceFrequency
PeekConsoleInputA
SetCalendarInfoA
FindFirstVolumeA
FindAtomW
GetWindowsDirectoryW
AddConsoleAliasA
OpenFileMappingA
FindResourceW
GetCommandLineW
GetDriveTypeW
GetConsoleAliasesLengthW
WriteConsoleInputW
GetShortPathNameA
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
DeleteFileA
HeapReAlloc
HeapSetInformation
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
HeapAlloc
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
SetFilePointer
FreeEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
HeapSize
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
ReadFile
WriteConsoleW
CloseHandle
CreateFileW

user32

CharUpperA

gdi32

SetBkColor
GetCharWidthA
GetKerningPairsA

advapi32

ReadEventLogA

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 33.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

2d6b4f4a9e62e7d851c0b57974ea64af

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 234KB - Virtual size: 234KB

.data Size: 15KB - Virtual size: 33.3MB

.rsrc Size: 55KB - Virtual size: 54KB

.text
Size: 234KB - Virtual size: 234KB

.data
Size: 15KB - Virtual size: 33.3MB

.rsrc
Size: 55KB - Virtual size: 54KB