f46c2484867100fa6a04ee3695c015ab[.]bin

General

Target

f46c2484867100fa6a04ee3695c015ab.bin
Size

547KB
MD5

7c23221c1ce22c6af7b7dd55d52a4197
SHA1

c0862b1709787af7032df3d1203fde95a0ad285b
SHA256

6ea41998b67fb238f94897fbbf5cd272666128180439cd4e8e4197e138ed4132
SHA512

e7a236d1943e77d4e5393d390d8a63700c231979c0bde48b14740225513e09b0790a061facd2e2eb9d058e23970d4a524fa4dba244a91b0b511e5e0dd5395fcb
SSDEEP

12288:5mlgkJztb0DKFf8atWK3x8qh+qNDqvqK8D:50hGmf8aQKBVuvqN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6d4fd32c3bbb14cf1d56e72d60a5bc89fd48ed6dd04c547c7a51f7e43fcd0d8a.exe

Files

f46c2484867100fa6a04ee3695c015ab.bin
.zip

Password: infected
6d4fd32c3bbb14cf1d56e72d60a5bc89fd48ed6dd04c547c7a51f7e43fcd0d8a.exe
.exe windows:5 windows x64 arch:x64

Password: infected

bcc417dc5f379d94b6dca5009b8d6da1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Workspace\ForRelease\avast\BUILDS\Release\x64\avDump64.pdb

Imports

dbghelp

MiniDumpWriteDump

psapi

GetProcessImageFileNameW
GetMappedFileNameW

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
RtlUnwindEx

user32

RegisterClassExW
GetClassInfoExW

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetFolderPathW

Exports

Exports

on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.text
Size: 651KB - Virtual size: 650KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

bcc417dc5f379d94b6dca5009b8d6da1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

psapi

ntdll

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 651KB - Virtual size: 650KB

.rdata Size: 260KB - Virtual size: 259KB

.data Size: 25KB - Virtual size: 34KB

.pdata Size: 41KB - Virtual size: 40KB

.rsrc Size: 159KB - Virtual size: 158KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 651KB - Virtual size: 650KB

.rdata
Size: 260KB - Virtual size: 259KB

.data
Size: 25KB - Virtual size: 34KB

.pdata
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 159KB - Virtual size: 158KB

.reloc
Size: 7KB - Virtual size: 6KB