9fb32dc431fd70acfb7d1608c0535317[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9fb32dc431fd70acfb7d1608c0535317.bin
Size

553KB
MD5

315b4d450c432035de2338b557583a9b
SHA1

2290ae202c2e6ae11b408e18d222702df3c730cf
SHA256

d839dc50a950c09c7deac69697b335828e580276b9b4bd051e5da528395913ce
SHA512

e67f9c7e8f38c47f21d84a372f726a727626f14797752fb2b87b5395d95ea465a3fbbfe9030a6d8407a7c2282ed8cf45e9079059b7f4568c4598c233fb9496ae
SSDEEP

12288:FJQExUsQB5RU+m4MAgIYzbfXTHQCL+Q0INFGUVAreDHKRU4tdDb6co+:FJr4MAgIYXjwCC/0FpVAa+6Gdq+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/72ae820b13a8e8f73da2770b9c0bd9d0a6a42e2ba3dcaf1279359e2b2b221b12.exe

Files

9fb32dc431fd70acfb7d1608c0535317.bin
.zip

Password: infected
72ae820b13a8e8f73da2770b9c0bd9d0a6a42e2ba3dcaf1279359e2b2b221b12.exe
.exe windows:4 windows x86 arch:x86

Password: infected

6f462fcc6b830b77fb3fef2add9dc570

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
_sleep
memset
strcmp
strcpy
getenv
sprintf
fopen
fwrite
fclose
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit

shell32

ShellExecuteA

kernel32

SetUnhandledExceptionFilter

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ