ce867b0c0346970429f05d962f40803a[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

ce867b0c0346970429f05d962f40803a.bin
Size

94KB
MD5

2263026a08868d3783988536bd2a4a58
SHA1

db9b5b6887938d4d526b2193dc93d430c892c021
SHA256

14c96a5bb3aad2c56b9df50eef61aa2e284e10770edc0f190ee7eabb49f98852
SHA512

799ac54bbf2c73ed879d7d47a35edba4758e515b6953bc1df54a5be672d890153f77f67ef28964f8b261428d1ea2f8779423976f4fabee3ee286f6d30dc68eac
SSDEEP

1536:y9QUSKCAphxFI8A5CnThlEsw7w/cy5gwnq6qE8KOC31mkIuFZlQzdBW/r:8nSKCAbry5UThisWwgwq6F1PFZlQzdED

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c812242a8cf1ebca3d72479d271863327d4c684deecfe9282516abcc6e68caa6.exe

Files

ce867b0c0346970429f05d962f40803a.bin
.zip

Password: infected
c812242a8cf1ebca3d72479d271863327d4c684deecfe9282516abcc6e68caa6.exe
.exe windows:5 windows x86 arch:x86

Password: infected

0f784335ad313f6e2411326700555ccb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileExA
GetConsoleAliasExesLengthA
WriteConsoleOutputCharacterA
HeapAlloc
GlobalAddAtomA
GetCurrentActCtx
GetUserDefaultLCID
FreeEnvironmentStringsA
GetProcessHeap
TzSpecificLocalTimeToSystemTime
WideCharToMultiByte
LoadLibraryW
GetFileAttributesA
ReplaceFileW
CreateJobObjectA
InterlockedExchange
GetStdHandle
GetLocaleInfoA
SetLastError
CreateNamedPipeA
LocalAlloc
AddAtomW
GetModuleFileNameA
lstrcatW
BuildCommDCBA
VirtualProtect
FatalAppExitA
ReleaseMutex
FileTimeToLocalFileTime
DeleteTimerQueueTimer
CreateFileW
SetStdHandle
WriteConsoleW
CloseHandle
GetCurrentDirectoryW
GetFileSize
GetLastError
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
HeapCreate
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
IsProcessorFeaturePresent
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer
HeapSize

user32

LoadIconW
UpdateWindow
GetClassLongA
SetKeyboardState

gdi32

GetBoundsRect

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 26.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

0f784335ad313f6e2411326700555ccb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 109KB - Virtual size: 109KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 9KB - Virtual size: 26.8MB

.rsrc Size: 34KB - Virtual size: 34KB

.text
Size: 109KB - Virtual size: 109KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 9KB - Virtual size: 26.8MB

.rsrc
Size: 34KB - Virtual size: 34KB