5599f9db69ae6de368ecdaafb16680e0[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

5599f9db69ae6de368ecdaafb16680e0.bin
Size

293KB
MD5

43e4bcdad2d4642c5991d008da7e922e
SHA1

5f055d494efd0e70c7ef40254ff0985673ad56ce
SHA256

aa9eae72b22b89c766d5f65775cf18950853840a0a07d2204619216a23679050
SHA512

eb5f24557303ffacae394ab2ba4cebed592e9c9f0e27714c1b80ec9b3711859a8f184c3a990dfe233dce249ba7c8e6f7ea9671a5392178d77c7b2d2c0ac5b691
SSDEEP

6144:qEDOyjV+TRbzYXTZxhSYUeKdWlf09dQZi9ATxM+zYNSSglL0DCoBrngwk3m:jOc+TNYj172Wa9dQZi9ATxMqYYSuwDCq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/98c5b27797be37eee59bbd120c39463aa64f8f59d26dbe3c46fae389d4fe41a9.exe

Files

5599f9db69ae6de368ecdaafb16680e0.bin
.zip

Password: infected
98c5b27797be37eee59bbd120c39463aa64f8f59d26dbe3c46fae389d4fe41a9.exe
.exe windows:6 windows x86 arch:x86

Password: infected

e752126f7ead8b7c9b1a7360355346dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
LoadLibraryA
GetProcAddress
VirtualProtect
lstrlenW
CreateThread
Sleep
WaitForSingleObject
FreeConsole
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
WideCharToMultiByte
EncodePointer
DecodePointer
InitializeCriticalSectionEx
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
CreateFileW
RaiseException
RtlUnwind
GetLastError
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapFree
HeapAlloc
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
HeapSize
WriteConsoleW

Exports

Exports

RsCTSpbIdD06ORF

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 304KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.H58K
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e752126f7ead8b7c9b1a7360355346dc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 165KB - Virtual size: 164KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 304KB - Virtual size: 307KB

.reloc Size: 7KB - Virtual size: 7KB

.H58K Size: 68KB - Virtual size: 72KB

.text
Size: 165KB - Virtual size: 164KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 304KB - Virtual size: 307KB

.reloc
Size: 7KB - Virtual size: 7KB

.H58K
Size: 68KB - Virtual size: 72KB