cf813610a1e3b652704514453bfa0d29[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

cf813610a1e3b652704514453bfa0d29.bin
Size

139KB
MD5

cc54efe091c551dd764c0fe206816bc0
SHA1

105cf6dddd795f1625bdf508998f5ec350547170
SHA256

594d464c62625fa6ca8c08d1a364c371b8dac66f2669631b10a484e5690758f4
SHA512

9ecddb75b1d9f0140f6506412fd6e29b762c8f8e9ce534ecc1084f1db247abc209e8a5d6c124a1cdd197ffbe6a35ed46669ee35010b9d6d4fcf86124b6599c32
SSDEEP

3072:3QCHCIEhUCj51CgbRbHl8Zg9xTTpP1bAWEhg/eQT:3QCiIEhUC91jbRbHg4xTTpFjfWQT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3f92824961eb95e3a9fa8e84179e819f5894e5510a6355ed38f97c8b1a2622c8.exe

Files

cf813610a1e3b652704514453bfa0d29.bin
.zip

Password: infected
3f92824961eb95e3a9fa8e84179e819f5894e5510a6355ed38f97c8b1a2622c8.exe
.exe windows:5 windows x86

673deaa24fd33f7044932184f2c34eb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDateFormatW
CreateFileA
GlobalDeleteAtom
SetThreadContext
WriteConsoleInputW
SetFilePointer
PeekNamedPipe
SetConsoleTextAttribute
OpenJobObjectA
GetLogicalDriveStringsW
InterlockedCompareExchange
OpenSemaphoreA
CreateHardLinkA
GetTickCount
FormatMessageA
LoadLibraryW
FindNextVolumeW
GetFileAttributesW
FileTimeToSystemTime
GetGeoInfoA
IsDBCSLeadByte
GetModuleFileNameW
GlobalUnlock
GetShortPathNameA
GetLastError
BackupRead
GetProcAddress
VirtualAlloc
BeginUpdateResourceW
GetTempFileNameA
LoadLibraryA
FoldStringA
FindNextFileA
GetThreadPriority
FindFirstChangeNotificationA
FreeEnvironmentStringsW
EnumResourceNamesA
FindFirstVolumeA
GetConsoleProcessList
ReadConsoleOutputCharacterW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
CloseHandle
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
SetEndOfFile

user32

ChangeMenuA
LoadMenuA
GetClassInfoExW
DdeQueryStringA
CharToOemBuffW
GetMessageExtraInfo

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 711KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

673deaa24fd33f7044932184f2c34eb7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 151KB - Virtual size: 150KB

.data Size: 12KB - Virtual size: 711KB

.rsrc Size: 34KB - Virtual size: 1.3MB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 151KB - Virtual size: 150KB

.data
Size: 12KB - Virtual size: 711KB

.rsrc
Size: 34KB - Virtual size: 1.3MB

.reloc
Size: 9KB - Virtual size: 9KB