d7aa46ef8d09144974f4dc10e5ef1b7e[.]bin | Triage

Sharing

General

Target

d7aa46ef8d09144974f4dc10e5ef1b7e.bin
Size

310KB
MD5

94875d787dbcfe694584c7dce8a58da0
SHA1

83413a310a545edf33ab462a47642e337a34beb0
SHA256

180201a860c1a4dc94be606ac8bc093a07ca2491d0ee0707475ea517556f2953
SHA512

f275fec5e3d3ec016a094def6e2b06d67c9ebd495a52eea3d3fe36f2f496e386903e88db765e25c02e04cab9370f091bb99e4f9f1249e1382a56206a11af9d3d
SSDEEP

6144:09HsvcaeBlM9YfwAiKwNxsovsUGuPNNY8GUx1Ysp+YtLnd3hBdp:0RsvReB4YIAin4is7ANNR1YBY1dH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dcf14d2ca4c03349e53216c94512cf010326fa9ff35978e8cd7684862ce14c90.exe

Files

d7aa46ef8d09144974f4dc10e5ef1b7e.bin
.zip

Password: infected
dcf14d2ca4c03349e53216c94512cf010326fa9ff35978e8cd7684862ce14c90.exe
.exe windows:6 windows x86 arch:x86

Password: infected

a238dd5e708b2e5b98247b73320c973d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AcquireSRWLockExclusive
ExitProcess
ReleaseSRWLockExclusive

user32

GetDC
ReleaseDC

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectW
SelectObject

Sections

.text
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ