0f58955700a934efece7eacadcefc950[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f58955700a934efece7eacadcefc950.bin
Size

192KB
MD5

a75f005a7c5a5245f6803402ad35881b
SHA1

a10ed745a473dbe7332efbf4a6f0b80261ef4c12
SHA256

9ff0839e9930d2366d4abbe14f509492c8c329775a72cb94e14c9a6d2dceb107
SHA512

3ab3e19647c4b4f798445aa5e184688cd66646c93250015fe106e4afe3120d2bfbd7ff915c9f208c0ae79df44eb4caad2872198877b83c10417b1f5345b6275a
SSDEEP

6144:Zq8euJ2so9lk+3ty7yDj+1pjEEVKCL3cmFHb:Q8fcL9iqDj+7D17

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ca0e2e53c24c4339d25101161f12eade64bb8d0624689aff35928ca6cbd3fc2f.exe

Files

0f58955700a934efece7eacadcefc950.bin
.zip

Password: infected
ca0e2e53c24c4339d25101161f12eade64bb8d0624689aff35928ca6cbd3fc2f.exe
.exe windows:6 windows x86 arch:x86

Password: infected

6a06d1fa38af061b6a93049c91c70ea8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
ExitProcess

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectW
SelectObject

user32

GetDC
ReleaseDC

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ