41b73532e032edc10a1aa2ad6b992225[.]bin

General

Target

41b73532e032edc10a1aa2ad6b992225.bin
Size

28KB
MD5

d59f9826fd78c808e07d833b70739dcf
SHA1

5a743f8c73994aef392977040bbdbe0dd899a3d7
SHA256

a2b73f98a5b832175d245f382fd52c173df5e66f6980bce1441d836dc1294a03
SHA512

bd0f9d8a9363bac7a246720f244639276e25f6d9b8191999d98e1246d70fea04648a0fdd2df3cecfcfd2918ff1f74ed16072f0454cd9c7fcf33ee6d59a9d0448
SSDEEP

768:88yfMkDSUplq/q0YJAS5FAOLOS2g7tJ90ap:cftG3DD+7OHgWap

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/818d7a37a915206c760ff990974cbc0138dca2f39d38c3b51f2050f40959d20e.dll

Files

41b73532e032edc10a1aa2ad6b992225.bin
.zip

Password: infected
818d7a37a915206c760ff990974cbc0138dca2f39d38c3b51f2050f40959d20e.dll
.dll windows:4 windows x86

bdc1ddee8a0a5b8cfce37a52cc564184

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileA
ReadFile
FindClose
LockResource
SizeofResource
LoadResource
FindResourceA
ReadProcessMemory
GetCommandLineA
OpenProcess
TerminateProcess
Process32Next
OutputDebugStringA
Process32First
CreateToolhelp32Snapshot
FindNextFileA
Module32Next
Module32First
GetCurrentProcess
GetProcAddress
LoadLibraryA
LoadLibraryExA
SetErrorMode
SetFileAttributesA
VirtualQuery
ExitProcess
FreeLibrary
GetVersion
CreateFileA
CloseHandle
GetFileAttributesA
GetSystemDirectoryA
CreateProcessA
GetModuleFileNameA
GetShortPathNameA
GetLastError
MoveFileExA
GetTickCount
Sleep
DeleteFileA
MoveFileA
GetWindowsDirectoryA
GetVersionExA
lstrcatA
CopyFileA

use

CharNextA
CharUpperA
CharLowerA

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

bdc1ddee8a0a5b8cfce37a52cc564184

Headers

File Characteristics

Imports

kernel32

use

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 8KB - Virtual size: 5KB