cf5a70c2f7978229efebcca70f6d2053[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

cf5a70c2f7978229efebcca70f6d2053.bin
Size

173KB
MD5

aefb8446a56e26881d4dbd3173f13cdb
SHA1

bcf579f22d05f42c94d7e5286df34697c06f1aeb
SHA256

40616ea47a6e503fb4314775d6ca25ae2d5c566807e0bd7b5584fcdd0b352401
SHA512

050c69663cb6903657bf9a67812834a57a71b6697b7cbfad37c014d9f956bbfcca95337f0512b4e0b252ea29cf8c3487f63df0cd3f8972ad6980a0c3381464c2
SSDEEP

3072:E+vzRHDNTaTL0Ii6CcMtBXZCvAicL7+NL5Sbm2Sm2RRjU4o7IWCyRn0fKDOftsMw:t7B85iNcMXIAfSL5t42MvJtRnMw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0faa7c27d8cedbb19af0586a236ce4eca6b151509e526bedcc970606e391ce74.exe

Files

cf5a70c2f7978229efebcca70f6d2053.bin
.zip

Password: infected
0faa7c27d8cedbb19af0586a236ce4eca6b151509e526bedcc970606e391ce74.exe
.exe windows:5 windows x86 arch:x86

Password: infected

41664c42ec8e82b6bc77023fb19fd70a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileExW
FreeLibrary
CreateJobObjectW
HeapFree
FreeEnvironmentStringsA
GetModuleHandleW
TlsSetValue
IsProcessInJob
WriteConsoleOutputA
SetConsoleCP
LeaveCriticalSection
DnsHostnameToComputerNameW
SetMessageWaitingIndicator
LocalHandle
GetCompressedFileSizeA
GetTimeZoneInformation
GetConsoleAliasesLengthW
SetCurrentDirectoryA
GetLastError
SetLastError
GetProcAddress
GetLongPathNameA
CreateNamedPipeA
OpenWaitableTimerA
LoadLibraryA
LocalAlloc
SetConsoleOutputCP
VirtualLock
AddAtomA
CreateWaitableTimerW
LocalFree
SetFileAttributesW
LCMapStringW
CompareStringW
TryEnterCriticalSection
GetStartupInfoW
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
SetConsoleCtrlHandler
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
GetLocaleInfoA
WideCharToMultiByte
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
CompareStringA
SetEnvironmentVariableA

advapi32

CreateServiceA

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 417B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.meboxo
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dodewa
Size: 1024B - Virtual size: 577B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

41664c42ec8e82b6bc77023fb19fd70a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 33KB - Virtual size: 37KB

.tls Size: 512B - Virtual size: 417B

.meboxo Size: 512B - Virtual size: 12B

.dodewa Size: 1024B - Virtual size: 577B

.rsrc Size: 96KB - Virtual size: 95KB

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 33KB - Virtual size: 37KB

.tls
Size: 512B - Virtual size: 417B

.meboxo
Size: 512B - Virtual size: 12B

.dodewa
Size: 1024B - Virtual size: 577B

.rsrc
Size: 96KB - Virtual size: 95KB