572a8f8ae2b9147a829e565228fc37a3[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

572a8f8ae2b9147a829e565228fc37a3.bin
Size

129KB
MD5

397fe09adbe6890da0638d4f06f8d253
SHA1

f01809187ab1c1e3f5655679ee9ad777d6b5d335
SHA256

a42893b2613fa686068ed089a100502c69f714687d2415e8a3b8c630c2f40ca4
SHA512

2f544b9f5c72c5fc914f1ab08a39e154950674947279c991e7fddc6b666c45daf5c4508cc4435f770fd52aa3273aab79d2a4ac345ab47a9e324e9f3b975d2fc0
SSDEEP

3072:ivA4swwYbe99X2vjnApM5Q9o+/s1vHKugAzQc7:i2Z599XQj4QQ93E5KugAd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fa77af9bbb1aa81e1db1fb58ac2e7b5f5f972d4ec7e2594e165f6a6f836f5c7c.exe

Files

572a8f8ae2b9147a829e565228fc37a3.bin
.zip

Password: infected
fa77af9bbb1aa81e1db1fb58ac2e7b5f5f972d4ec7e2594e165f6a6f836f5c7c.exe
.exe windows:5 windows x86

Password: infected

77bb604ddb8d2a9df61815c9b5a4d907

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
WriteConsoleInputW
GetConsoleAliasExesA
GetDriveTypeW
CommConfigDialogA
WriteConsoleOutputCharacterA
FindResourceW
GetModuleHandleExW
WriteConsoleInputA
SetComputerNameW
UnlockFileEx
GenerateConsoleCtrlEvent
GetCompressedFileSizeW
WaitNamedPipeW
GetCommandLineA
GetEnvironmentStrings
GlobalAlloc
LoadLibraryW
GetLocaleInfoW
ReadConsoleInputA
CopyFileW
SetConsoleCP
GetConsoleAliasW
GetWriteWatch
GetFileAttributesW
ReplaceFileW
ReadFile
FindNextVolumeMountPointW
GetStartupInfoW
SetConsoleTitleA
DeactivateActCtx
GetShortPathNameA
GetConsoleAliasesW
FindFirstFileA
GetLastError
GetVolumeNameForVolumeMountPointA
ReadConsoleOutputCharacterA
PeekConsoleInputW
VerLanguageNameA
SetVolumeLabelW
MoveFileW
RemoveDirectoryA
CopyFileA
EnumSystemCodePagesW
FreeUserPhysicalPages
GetTempFileNameA
GetProcessVersion
FindClose
AddAtomW
CreateEventW
HeapLock
GetCommMask
AddAtomA
FoldStringW
FoldStringA
GetSystemInfo
FindNextFileA
GetModuleHandleA
GetCommTimeouts
lstrcatW
FindNextFileW
VirtualProtect
QueryPerformanceFrequency
OpenSemaphoreW
GetWindowsDirectoryW
MoveFileWithProgressW
GlobalAddAtomW
EnumSystemLocalesW
lstrcpyW
DeleteFileA
WriteConsoleW
FlushFileBuffers
SetLastError
GetSystemDefaultLangID
WideCharToMultiByte
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
HeapReAlloc
GetCommandLineW
HeapSetInformation
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapCreate
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
WriteFile
GetModuleFileNameW
CloseHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
RaiseException
RtlUnwind
HeapSize
SetStdHandle
CreateFileW

user32

CharUpperW

advapi32

AbortSystemShutdownW

Sections

.text
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

77bb604ddb8d2a9df61815c9b5a4d907

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 226KB - Virtual size: 226KB

.data Size: 6KB - Virtual size: 3.5MB

.rsrc Size: 25KB - Virtual size: 25KB

.text
Size: 226KB - Virtual size: 226KB

.data
Size: 6KB - Virtual size: 3.5MB

.rsrc
Size: 25KB - Virtual size: 25KB