689678e61aaa30763d6bc2622108ee44[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

689678e61aaa30763d6bc2622108ee44.bin
Size

282KB
MD5

cfa39b7e79b1fed3fd5a24b5241f8f64
SHA1

d5ffe7a61ef9c850976657915c3937948bfaa69b
SHA256

5c0fe99112d50d9e336f266e85f80834ec9586a207b0802cea4c2eb449fdf0ea
SHA512

e27cf8a182de4fbb80e4eda21abb4a07e861c0380d86a7fa25a870667f449a85b33bd70e530ad4f37d57f4591d689f365a61cc1bfd6e3ec1284b08a3079f403a
SSDEEP

6144:R9HZjafLfXJ3FywmozNsACa4fDms6ehSluoB6Nbz6EcUw36MZ58PsY+v2Ca7l:HELloo1/s/Slu5lz6Ec93ZaZ+vMl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d92547626ce35c2eaab15552221278ff2d6dcacc4900eaf2ee312e36d4fe1e78.exe

Files

689678e61aaa30763d6bc2622108ee44.bin
.zip

Password: infected
d92547626ce35c2eaab15552221278ff2d6dcacc4900eaf2ee312e36d4fe1e78.exe
.exe windows:6 windows x86 arch:x86

Password: infected

41482c048643282f0fa54f6385f74814

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetStdHandle
QueryPerformanceFrequency

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectW
SelectObject

user32

GetDC
ReleaseDC

Sections

.text
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ