da505bb6a3d54c2a0778c4a04179da0b[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

da505bb6a3d54c2a0778c4a04179da0b.bin
Size

169KB
MD5

6c383fb6f6e6341dde6173e9344db6f5
SHA1

f5cea10d89322151ecf0e20a840f0776fc460631
SHA256

94a53a33dc1ddd703108b2a855061d1f0c41cce858aaa5cb9b13fc9017b32a85
SHA512

c6c49950e0103595e489f6632e24d486696ced5fb1622ebce7d1cec81bc7222ca80f652be94d5be4de963a3a7bf8e03030df5b36b367af040b599d4d6fb899a8
SSDEEP

3072:Oe4tn9BNasR/rJNgPqkT4LzGudHpydntZpl7dcN2EszE7SOyDGMECQsQ:s+sR/9mPqkGSnJtdCKlOiOcQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/be738fec40c2f6e6a818797c55819e3b01147b0a5e8dcb4c5e1238cffcef95cd.exe

Files

da505bb6a3d54c2a0778c4a04179da0b.bin
.zip

Password: infected
be738fec40c2f6e6a818797c55819e3b01147b0a5e8dcb4c5e1238cffcef95cd.exe
.dll windows:5 windows x64 arch:x64

Password: infected

23a1e10b5cfb66416d6123ba340f36f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LocalAlloc
CloseHandle
DeleteFileW
LocalFree
DosDateTimeToFileTime
SetFilePointer
GetLastError
ReadFile
GetCurrentDirectoryW
GetFileType
MultiByteToWideChar
CreateFileW
WideCharToMultiByte
WriteFile
GetCurrentProcess
SystemTimeToFileTime
CreateProcessW
SetEnvironmentVariableA
CompareStringW
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
EncodePointer
GetTimeZoneInformation
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteCriticalSection
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
RtlUnwindEx
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RaiseException
RtlPcToFileHeader
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryW
FlushFileBuffers

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

Exports

Exports

GetWindowInfod
GetWindowInfodW
MemloadFunc

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

23a1e10b5cfb66416d6123ba340f36f1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 101KB - Virtual size: 109KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 101KB - Virtual size: 109KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 2KB - Virtual size: 1KB