4189e743283da9d487bdd580dee38b94[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

4189e743283da9d487bdd580dee38b94.bin
Size

162KB
MD5

65e3990f308d77757585a341bda2cd20
SHA1

8d788338a011b58a8d331b90841b41569190a5fd
SHA256

72dca1919822dfc686832b49d13a7c94f225aa24012e1c5169a1acc2fd689d46
SHA512

df329f9829c3e9d6deb178e71b10937eaaec8a23d0c67b248c88471d98f14e419bcf5c3f5f33c355c718df1c9b29b07d2669f124c7f54ce459ebcdae78433041
SSDEEP

3072:vKSk5zgkKUNJDB8Nbyt3fJO+fi9ddVG/WIqNdaAOXg+/jT0:vK/uZCz+byttEdrG/WUrX57T0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0e6a19b3bc5992a4b87006701bc2ef7aced896a8791a5386700f983db6d5039d.exe

Files

4189e743283da9d487bdd580dee38b94.bin
.zip

Password: infected
0e6a19b3bc5992a4b87006701bc2ef7aced896a8791a5386700f983db6d5039d.exe
.exe windows:5 windows x86

Password: infected

fb06b251ec823ec2b055f38e217cf323

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
SetComputerNameExA
GetConsoleAliasExesLengthA
FindResourceW
BuildCommDCBAndTimeoutsA
DeleteVolumeMountPointA
GlobalAddAtomA
GetCommState
GetSystemWindowsDirectoryW
CreateDirectoryW
AddConsoleAliasW
FindCloseChangeNotification
FreeEnvironmentStringsA
GetModuleHandleW
GetTickCount
CreateNamedPipeW
GetConsoleAliasesA
GetPriorityClass
GetCurrencyFormatW
LoadLibraryW
GetExitCodeProcess
IsProcessorFeaturePresent
GetConsoleAliasW
MultiByteToWideChar
GetVolumePathNameA
GetLastError
InterlockedFlushSList
FindFirstFileW
GetProcAddress
VirtualAlloc
BackupWrite
RemoveDirectoryA
EnumSystemCodePagesW
SearchPathA
InterlockedExchangeAdd
OpenWaitableTimerW
LocalAlloc
GetNumberFormatW
SetConsoleWindowInfo
FoldStringA
GlobalFindAtomW
DebugSetProcessKillOnExit
UpdateResourceW
VirtualProtect
PeekConsoleInputA
ReadConsoleInputW
GetWindowsDirectoryW
SetFileAttributesW
LocalFileTimeToFileTime
CreateFileA
SetVolumeLabelA
FillConsoleOutputCharacterA
SetLastError
GetModuleHandleA
HeapAlloc
Sleep
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
HeapReAlloc
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

LoadMenuW
CharToOemBuffW
ChangeDisplaySettingsW

gdi32

GetCharWidthA
GetCharacterPlacementA
GetCharABCWidthsFloatA
GetBoundsRect

shell32

ShellAboutW

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 711KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

fb06b251ec823ec2b055f38e217cf323

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Sections

.text Size: 168KB - Virtual size: 167KB

.data Size: 7KB - Virtual size: 711KB

.rsrc Size: 75KB - Virtual size: 1.3MB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 168KB - Virtual size: 167KB

.data
Size: 7KB - Virtual size: 711KB

.rsrc
Size: 75KB - Virtual size: 1.3MB

.reloc
Size: 8KB - Virtual size: 8KB