f41c9e6ca239395e71bcf027987282dc[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

f41c9e6ca239395e71bcf027987282dc.bin
Size

1.8MB
MD5

8b165eb8bb1eb0f3189d9df598180974
SHA1

bec074f23a0c3e0c5668a5f4a555177b69e3fbc3
SHA256

bead5fd7596ed0fc23418f3a35687712611c498a60716a54018dd404468ad98b
SHA512

77c773ca22854b314de5915d3a6dba9c3ac00d2bf39305a5c008667e65f42b8cfb4b6685ec523487b35a149d6b03625589841a75a02b8f839823e6fb6f4b5d42
SSDEEP

49152:rQX1GN/qskexCWTge30bspmQxKhb91HcCpkcjnQ:Fq6xgRgcRX8CpHU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/92eb323e0240228429277748079975b5626bed0bf249ec53e7fa78c88ede0c5b.exe

Files

f41c9e6ca239395e71bcf027987282dc.bin
.zip

Password: infected
92eb323e0240228429277748079975b5626bed0bf249ec53e7fa78c88ede0c5b.exe
.exe windows:5 windows x86 arch:x86

Password: infected

6e6adc81408d03ab93cf4a3c059fdf64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleOutputCharacterA
HeapAlloc
GlobalAddAtomA
GetCurrentActCtx
CreateJobObjectW
GetSystemDefaultLCID
FreeEnvironmentStringsA
CreateNamedPipeW
GetProcessHeap
TzSpecificLocalTimeToSystemTime
WideCharToMultiByte
LoadLibraryW
GetLocaleInfoW
GetFileAttributesA
ReplaceFileW
InterlockedExchange
GetStdHandle
GetCurrentDirectoryW
GetConsoleAliasExesLengthA
LoadLibraryA
LocalAlloc
GetFileType
AddAtomW
GetModuleFileNameA
lstrcatW
BuildCommDCBA
VirtualProtect
FatalAppExitA
ReleaseMutex
FileTimeToLocalFileTime
DeleteTimerQueueTimer
CreateFileW
SetStdHandle
SetLastError
MoveFileExA
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetModuleFileNameW
HeapCreate
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetFilePointer
CloseHandle
WriteConsoleW

user32

LoadIconW
UpdateWindow
GetClassLongA
SetKeyboardState

gdi32

GetCharWidth32W

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 26.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

6e6adc81408d03ab93cf4a3c059fdf64

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 9KB - Virtual size: 26.8MB

.rsrc Size: 34KB - Virtual size: 34KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 9KB - Virtual size: 26.8MB

.rsrc
Size: 34KB - Virtual size: 34KB