520ba6bb5a6774667921aa17521a9d68[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

520ba6bb5a6774667921aa17521a9d68.bin
Size

301KB
MD5

f53f84e8e2228302a14a336b90b05d8c
SHA1

b26ff1349bb478e4ba353e064f0b3f68d1ef46ff
SHA256

e1ae16dccad1039aa15c2d8fa83d28f6631fa9ec3d465619773e16039683368c
SHA512

969129fae07dfb820b8b39a17e0a312ad24fc4fd0fba7432327eb2a7c5803331733e9dcf8e2e8867d696b1bd8f9357664d08685714f7191ddab245b42fa72e9a
SSDEEP

6144:fJk7a8vM1805oVB5+NvheugDDC5OYirzrwBZF9ur5lAKwHy6lzxGJ4EGX:R38280WVBCvEuzirzrgZD+MKwPlgc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5c17dd7c936d69c34b6a35aa525221601d58e8c65c44b4d3fa2bbb140c5bde94.exe

Files

520ba6bb5a6774667921aa17521a9d68.bin
.zip

Password: infected
5c17dd7c936d69c34b6a35aa525221601d58e8c65c44b4d3fa2bbb140c5bde94.exe
.exe windows:6 windows x86 arch:x86

Password: infected

a238dd5e708b2e5b98247b73320c973d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AcquireSRWLockExclusive
ExitProcess
ReleaseSRWLockExclusive

user32

GetDC
ReleaseDC

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectW
SelectObject

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ