dd5e21a253fc73601aace400d17685af[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

dd5e21a253fc73601aace400d17685af.bin
Size

134KB
MD5

1bd6bda5260214ce4ec013b4da29076d
SHA1

bef1b97e63f5118dac81e9fd8f7eccfcd27b30ad
SHA256

d579f137f304e58a97437c3892e8046a932f8328731a5be8d1dbed8115bbdf29
SHA512

ec1615b364238358ea197760e761ad76408089c4bbf6d9448a8032bd0ed68558c6791058f5fd6dba4637a7dac38c07187c9e9aa3c05b5fada9cdb9104289b7aa
SSDEEP

3072:bCMu4hO7goI6krumo/vxOq3TTLh31fc3eENgEOLwEG1956bUjr:GXUumKxOwDwGzu3r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9eddeebc0caaaf59847d80064d1fe276dabd87306e3ad0e768c69c4d5b0ead9d.exe

Files

dd5e21a253fc73601aace400d17685af.bin
.zip

Password: infected
9eddeebc0caaaf59847d80064d1fe276dabd87306e3ad0e768c69c4d5b0ead9d.exe
.exe windows:5 windows x86 arch:x86

Password: infected

b8f2495c35890d001b17b1171df8eea9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDateFormatW
FindFirstChangeNotificationW
TlsGetValue
LoadResource
SystemTimeToTzSpecificLocalTime
InterlockedIncrement
GetCurrentProcess
CreateJobObjectW
GetTickCount
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GetCurrencyFormatW
GlobalAlloc
GlobalFindAtomA
Sleep
AssignProcessToJobObject
SizeofResource
GetSystemWindowsDirectoryA
CreateFileW
GetOverlappedResult
GetVolumePathNameA
FlushFileBuffers
InterlockedExchange
GetLastError
GetFullPathNameA
BackupRead
GetProcAddress
GetProcessHeaps
VirtualAlloc
BeginUpdateResourceW
EnumDateFormatsExA
SetComputerNameA
SetFileApisToOEM
LoadLibraryA
InterlockedExchangeAdd
CreateFileMappingW
FoldStringA
FindFirstVolumeMountPointA
GetModuleHandleA
VirtualProtect
OpenSemaphoreW
GetVersionExA
FindAtomW
GlobalAddAtomW
LCMapStringW
SetLastError
GetComputerNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
ExitProcess
GetStartupInfoW
WriteFile
GetStdHandle
GetModuleFileNameA
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
InterlockedDecrement
HeapSize
HeapFree
TerminateProcess
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
RtlUnwind
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA

user32

RealGetWindowClassA

gdi32

SetDeviceGammaRamp

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

b8f2495c35890d001b17b1171df8eea9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 4.1MB

.rsrc Size: 77KB - Virtual size: 76KB

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 4.1MB

.rsrc
Size: 77KB - Virtual size: 76KB