b8457adfdc80c0917baa08bdf11e25c6[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b8457adfdc80c0917baa08bdf11e25c6.bin
Size

594KB
MD5

b8457adfdc80c0917baa08bdf11e25c6
SHA1

b164519e313bfba44e6c69d1fac460aea76be43f
SHA256

8da0f40b56160b1d92dc2a2424dffbd18906636a7daae1efc0a053eb512e78a1
SHA512

d4ce02bdd0b6c068491424c150b4d8a6d4fb729e7696e594e72c1df30e91b438ad35d4a845079392fa3db59eda54431df4a262e78f4fda9e892be1aae819cfda
SSDEEP

12288:FZL3+zQQQXzcnsfPTqq8NyMFq33vIR8oBMcfkRkq9bNXJCBg/ujO718kT1QPH:FZzFLzsrBNyM03vk8cMc8kSfCEus+kJu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Fatura_Debito.exe

Files

b8457adfdc80c0917baa08bdf11e25c6.bin
.zip

Password: infected
Fatura_Debito.exe
.exe windows:4 windows x86 arch:x86

Password: infected

49f27de8e91549bbdafc8945f691fb84

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
ord583
ord588
ord696
ord697
ord698
MethCallEngine
ord517
__vbaCopyBytes
ord660
ord666
ord667
ord668
ord592
ord520
ord631
ord525
EVENT_SINK_AddRef
ord527
ord560
ord561
ord187
ord564
ord675
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
ord607
ord530
ord608
ord609
ord717
ord186
ord537
VarPtr
ord648
ord570
ord575
ord578
ord100
ord610
ord617
ord618
ord545
ord548

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ