Static task: static1
Behavioral task: behavioral1
Sample: 07487a9b997d8f757501912961bce0e4d72acfe80760ebd50ee4b485b89210b4.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 07487a9b997d8f757501912961bce0e4d72acfe80760ebd50ee4b485b89210b4.exe
Resource: win10v2004-20240221-en
General
Target: 8b6a45d8fa4e70b0e1c06c76b523cbc0.bin
Size: 8KB
MD5: 58850673d5133733c308adc9ad8c3e3e
SHA1: e364d031e5c0c70d104a398007bacefa6354a64c
SHA256: 0e6db2c0039f4b1420b251c1dd34ab73d6be5dab67a08d37f3e838bb894c1a0a
SHA512: 81cd7f0a9a971360daa40ee08125089fdbbb774e9faca0f8b7febc8ca6ad33f47da8e90723947e95ac34eef6ecdf0f9ac83460c6e8fc03378ea22b060de68975
SSDEEP: 192:6gyUEWzW6gKeSDyG0dGa81PXpwh6SYZYiBu/lt4ucakhKo5Q1h:7raNKeSIcr1PQwYiBkCRw8QL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/07487a9b997d8f757501912961bce0e4d72acfe80760ebd50ee4b485b89210b4.exe
Files
8b6a45d8fa4e70b0e1c06c76b523cbc0.bin.zip
Password: infected
07487a9b997d8f757501912961bce0e4d72acfe80760ebd50ee4b485b89210b4.exe.exe windows:4 windows x86 arch:x86
Password: infected
20b0e5ae70b508773a5ce1469630cc99
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalFree
_lread
LocalAlloc
GetFileSize
SetFileAttributesA
GetModuleFileNameA
Sleep
GetTickCount
WaitForSingleObject
SetEvent
OutputDebugStringA
CloseHandle
CreateThread
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResetEvent
ExitProcess
GetModuleHandleA
GetStartupInfoA
lstrcmpiA
lstrcatA
lstrcpyA
lstrcpynA
GetCommandLineA
GetPrivateProfileIntA
GetPrivateProfileStringA
_lopen
_lcreat
_llseek
_lwrite
_lclose
lstrlenA
user32
wsprintfA
MessageBoxA
GetWindowTextA
advapi32
DeleteService
OpenSCManagerA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
ChangeServiceConfig2A
CreateServiceA
CloseServiceHandle
OpenServiceA
ws2_32
ioctlsocket
bind
htons
WSAGetLastError
WSAStartup
socket
WSAAsyncSelect
listen
gethostbyname
inet_addr
connect
recv
send
WSACloseEvent
accept
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
WSACleanup
closesocket
Sections
.text Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE