40bbbb9bbddbf864e506c87fa8919480[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

40bbbb9bbddbf864e506c87fa8919480.bin
Size

298KB
MD5

e90d87f4019739de23400b5bedad9d90
SHA1

f4752859445cdc64428a844fcde3970a3edbb784
SHA256

e0e021fd4d7212dacaefe92430d83333b711f4f537764ff765cd2e33c8d816e8
SHA512

33f813fc880bc8b460287b765b9b7ebd62b25ce7cc1b2904b928ef2d62fa58e8173dfe3d73ea1d357a15d7ea20762764d918e287908f46297294ebde80682fe9
SSDEEP

6144:ExC+b5BpDtUUFjd+sxwvdWUferthVwwic6vUH+nPeN1:H2V53Jd5xwvLfCVr6NnS1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3686bcf5d1faa1034cc59cee288c1641034d7cfb6c227d00ee1e8837e1733832.exe

Files

40bbbb9bbddbf864e506c87fa8919480.bin
.zip

Password: infected
3686bcf5d1faa1034cc59cee288c1641034d7cfb6c227d00ee1e8837e1733832.exe
.exe windows:5 windows x86 arch:x86

Password: infected

21a899cb2bf7f1bc566f7c47e1443114

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumCalendarInfoA
GlobalAddAtomA
EndUpdateResourceW
InterlockedDecrement
GetCurrentProcess
GetComputerNameW
GetModuleHandleW
GetCommConfig
GetProcessHeap
GetWindowsDirectoryA
SizeofResource
EnumResourceLanguagesA
CreateFileW
GetOverlappedResult
ExitThread
InterlockedExchange
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
BackupWrite
GetNativeSystemInfo
OpenMutexA
LocalAlloc
CreateHardLinkW
FindFirstVolumeMountPointW
BeginUpdateResourceA
OpenJobObjectW
DeviceIoControl
GlobalFindAtomW
VirtualProtect
_lopen
GetVersionExA
FindAtomW
GetFileInformationByHandle
OpenFileMappingA
TlsFree
LCMapStringW
lstrcpyA
LoadLibraryA
GetFullPathNameW
InterlockedIncrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
RaiseException
RtlUnwind
HeapFree
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
IsDebuggerPresent
HeapAlloc
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LCMapStringA
WideCharToMultiByte

user32

SetClipboardViewer

gdi32

GetDeviceGammaRamp

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

21a899cb2bf7f1bc566f7c47e1443114

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 282KB - Virtual size: 282KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 5KB - Virtual size: 4.1MB

.rsrc Size: 90KB - Virtual size: 90KB

.text
Size: 282KB - Virtual size: 282KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 5KB - Virtual size: 4.1MB

.rsrc
Size: 90KB - Virtual size: 90KB