f7891882225dc9d0e22b07deabf36f20[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

f7891882225dc9d0e22b07deabf36f20.bin
Size

387KB
MD5

3ff29c9c6bd3b4d7dd87de8469f8018e
SHA1

5658d94018b93e0c7648a2deed329a68fa3c9037
SHA256

c5068d1d33f5f887dd970fccc036e741d756d3e7212841e39864c74d1bb7f734
SHA512

b1399434c7e33b879c3af7b59e9629ae30f9ec1062a2a5d688dd799c7d94007ad9d6591c9e72e84ebbf55a14b990dca3fda93c7f0db4db827f6d2a2f43614ac3
SSDEEP

6144:viy0R4wbLD+9B0OQP0pnvRuT/x7uR9cloPDmycXPy15ooK6EScM1SQJ:QN/M0h0FsT/dyd1qb3uSW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/479dbe11c5211b7cf1c1e4ad4e66ed22ac6fe4750fb31892b32d9f05c42d40ef.exe

Files

f7891882225dc9d0e22b07deabf36f20.bin
.zip

Password: infected
479dbe11c5211b7cf1c1e4ad4e66ed22ac6fe4750fb31892b32d9f05c42d40ef.exe
.exe windows:5 windows x86 arch:x86

Password: infected

21a899cb2bf7f1bc566f7c47e1443114

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumCalendarInfoA
GlobalAddAtomA
EndUpdateResourceW
InterlockedDecrement
GetCurrentProcess
GetComputerNameW
GetModuleHandleW
GetCommConfig
GetProcessHeap
GetWindowsDirectoryA
SizeofResource
EnumResourceLanguagesA
CreateFileW
GetOverlappedResult
ExitThread
InterlockedExchange
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
BackupWrite
GetNativeSystemInfo
OpenMutexA
LocalAlloc
CreateHardLinkW
FindFirstVolumeMountPointW
BeginUpdateResourceA
OpenJobObjectW
DeviceIoControl
GlobalFindAtomW
VirtualProtect
_lopen
GetVersionExA
FindAtomW
GetFileInformationByHandle
OpenFileMappingA
TlsFree
LCMapStringW
lstrcpyA
LoadLibraryA
GetFullPathNameW
InterlockedIncrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
RaiseException
RtlUnwind
HeapFree
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
IsDebuggerPresent
HeapAlloc
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LCMapStringA
WideCharToMultiByte

user32

SetClipboardViewer

gdi32

GetDeviceGammaRamp

Sections

.text
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

21a899cb2bf7f1bc566f7c47e1443114

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 371KB - Virtual size: 370KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 5KB - Virtual size: 4.1MB

.rsrc Size: 90KB - Virtual size: 90KB

.text
Size: 371KB - Virtual size: 370KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 5KB - Virtual size: 4.1MB

.rsrc
Size: 90KB - Virtual size: 90KB