v[.]bin[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

v.bin.zip
Size

64KB
MD5

c80dadaf952bd688a91701d0debf20e3
SHA1

86911a4b95625139e40a920cd3ef4ca90c1ca925
SHA256

a1621d3fc580c52ac460fd35b9a6e13135c09ae57c5cf42c1623f4b7be1e6573
SHA512

dfc727c96ff4fa26180d647ba3fc9fdceccd339333d1c4a09eae02b9397c14351378b498b37258a553d41c1dcf558fcc5f741e3e9c157eea097d6264140c08b7
SSDEEP

1536:wbcqK10ZmLHkJAUdxM2T0RJC8saB62U+X7gbFkUtlR8ARglI181KNPa:wJi0ZmLOwRJC8P6nMe5t0TRua

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/v.bin

Files

v.bin.zip
.zip

Password: infected
v.bin
.exe windows:6 windows x86 arch:x86

326a5fbe46bc57a0dfa20871d0eacd8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PostQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
CancelIo
FindNextFileW
GetCurrentThreadId
CloseHandle
SetFileAttributesW
CreateThread
SetFilePointerEx
WideCharToMultiByte
FindClose
ReadConsoleW
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetStringTypeW
EnterCriticalSection
MoveFileW
VirtualAlloc
GetLastError
GetFileSizeEx
lstrcmpW
CreateFileW
ReadFile
LeaveCriticalSection
Sleep
WriteFile
InitializeCriticalSection
VirtualFree
GetCurrentThread
GetQueuedCompletionStatus
FindFirstFileW
IsProcessorFeaturePresent
HeapFree
HeapAlloc
HeapReAlloc
EncodePointer
DecodePointer
IsDebuggerPresent
GetCommandLineA
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetModuleFileNameW
HeapSize
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsGetValue
RtlUnwind
RaiseException
SetLastError
InterlockedIncrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
GetConsoleCP
GetConsoleMode
LCMapStringW
GetThreadTimes
InitializeSListHead

ws2_32

ntohl
htonl

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

326a5fbe46bc57a0dfa20871d0eacd8d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Sections

.text Size: 74KB - Virtual size: 74KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 38KB - Virtual size: 37KB