e78da3d9cfce2ac04d65956d9df0338e[.]bin

General

Target

e78da3d9cfce2ac04d65956d9df0338e.bin
Size

144KB
MD5

8daf2dfc9e0a211754d1c8f79701d039
SHA1

4c917e57e87c0ac545538b3f885afb670e21a730
SHA256

07d81e085b268bbe67ecfc252ece58617e725c2f0c4aa79073d97c880b048a93
SHA512

c211c8853123a850b7c78af4ff0cc02d22526b6da23837c1c9d7af7ea418c587b9f9443c480517b50bdb5f9512141e8920c508952014de4ae4d560ac4cbe0959
SSDEEP

3072:hgM48I9tArMCRnzQF7xcRZoNGcuV77yPR6PWyNBCNoxXuH:Q8I9tArMuQERZoNM7aRwBuH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/501727e9946f08536bc0bfc2970104967244dfabbdff24475f5cbd34aa3ac895.exe

Files

e78da3d9cfce2ac04d65956d9df0338e.bin
.zip

Password: infected
501727e9946f08536bc0bfc2970104967244dfabbdff24475f5cbd34aa3ac895.exe
.exe windows:5 windows x86

Password: infected

84e31d32a2cb7830e40cfcbea395c7a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
Sleep
CreateThread
lstrlenW
VirtualProtect
GetProcAddress
LoadLibraryA
VirtualAlloc
GetModuleHandleA
CreateFileW
FreeConsole
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetLastError
HeapFree
HeapAlloc
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetCPInfo
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
HeapReAlloc
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CreateFileA

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bqwez
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

84e31d32a2cb7830e40cfcbea395c7a1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 108KB - Virtual size: 107KB

.bqwez Size: 11KB - Virtual size: 10KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 180KB - Virtual size: 187KB

.text
Size: 108KB - Virtual size: 107KB

.bqwez
Size: 11KB - Virtual size: 10KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 180KB - Virtual size: 187KB