f488790f6608a2e2b7d53e539484a8eb[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f488790f6608a2e2b7d53e539484a8eb.bin
Size

189KB
MD5

355782d5f494e37e5c463927d0b23f23
SHA1

3d2e07201579e623686beda58359af6c876a41c0
SHA256

56669c828ceb26a8f8fbc7775d69b1b51ba82cab345ab0b2c8d2bfad5f58d0fe
SHA512

287f6fdda9be2998e53fe1c528b3985be36d7b6d4974babb3d984c5956b3b38d48e8f37b695102a92466532807b133112337cc62f1003e24da8f7c8e8b480ffd
SSDEEP

3072:hlLQ6FpVWC53LtWF8/PBKomAOHg+V28uiZAtJrzA9xvLprGXSHKGs96pbI:hlLQ6F6C3Lt9/pKomZHg+V28piA97SSS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/baf1ef6054b6f5218ae5c53b563d80f8a6bfc96a486e25550f613c9a4024634b.exe

Files

f488790f6608a2e2b7d53e539484a8eb.bin
.zip

Password: infected
baf1ef6054b6f5218ae5c53b563d80f8a6bfc96a486e25550f613c9a4024634b.exe
.exe windows:6 windows x86 arch:x86

Password: infected

6a06d1fa38af061b6a93049c91c70ea8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
ExitProcess

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectW
SelectObject

user32

GetDC
ReleaseDC

Sections

.text
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ