revil[.]bin | Triage

Sharing

General

Target

revil.bin
Size

119KB
MD5

a4331ff805b0a8f2a2892777c224b65e
SHA1

2c5521077dd1a6f5f3558351370880aee9ab7c71
SHA256

329983dc2a23bd951b24780947cb9a6ae3fb80d5ef546e8538dfd9459b176483
SHA512

786a6ffdd7206b0f11dd45921826e3685fe4b64b82b4fa26702a30dcb762d4310b3b55683a8c510175ed6a9086125156e676caa3220597f8ed7298f6cdc51799
SSDEEP

3072:KW5yc3Y4SMQwuOekD96R928A2fFM+/uSxo+HHz/bs/k4OS:K83Y5BAxa92c1rxTnz/Y/k4O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

revil.bin

Files

revil.bin
.exe windows:6 windows x86 arch:x86

95c9dbd11f21d2c0fa6c3dccccbdebb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
ExitProcess
LoadLibraryA
GetProcAddress
GetCurrentProcessId
GetModuleHandleA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

enc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ