9ab9bb50d51e41faa3701c170847482c[.]bin | Triage

Sharing

General

Target

9ab9bb50d51e41faa3701c170847482c.bin
Size

629KB
MD5

3ec82fe62d363f10a63be952fe967b75
SHA1

b7546246e54c922f076b83299c7a3d9f5074ea52
SHA256

e45c5090069a156f8a1458b92237a40199d7072a321e34b500e7e911279c8a53
SHA512

65da4c251c54fcb36f5a43b60d8c64417ddccedc2ca660a9ec1aa48f4f39258b5fbaa3d03a2bcae726fc0100086f24d00d7804be3aafdd087f0dccc9c090dca6
SSDEEP

12288:v5oTN9R6g/1O+g4wM9SUK0YVv76orPlh0yqeEq5KpWTPS1uD7TBFa6x:v5kXRV/1S4wv0q1/XEqMi7TBFa2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c21780bbce51e887ead9136cbe9bf5988c58464863144ab83035a1c2b5828387.exe

Files

9ab9bb50d51e41faa3701c170847482c.bin
.zip

Password: infected
c21780bbce51e887ead9136cbe9bf5988c58464863144ab83035a1c2b5828387.exe
.exe windows:5 windows x86

Password: infected

3f612a85b383fc846fb2c4f939b907f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPEncrypt
CPCreateHash
CPDeriveKey

kernel32

GetCurrentThreadId
LoadLibraryExW
WriteConsoleW
GetShortPathNameW
CloseHandle
HeapReAlloc
VirtualAlloc
OpenFileMappingW
CreateSemaphoreA
LoadLibraryA
CreateThread
OpenMutexW
lstrcmpi
FindClose

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.data
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ