631b5e58e33fbc4070a8fd8f7667d9a9[.]bin

General

Target

631b5e58e33fbc4070a8fd8f7667d9a9.bin
Size

16KB
MD5

5130a610deccb81c5ef9c07f8257e33d
SHA1

9d287c4eae84428d650b0cafb03feb4a6ab08801
SHA256

b09b0521b2400fb32819884079a0b372ffbd0b731bc7caa24f9aeeae0c55e10e
SHA512

eddfee5f9c2e4accd095c92713f91813370276e3173e17613dd60561c82faa4796a34e6a58ac2fa928451da384a9888e62b5711af54f70ccb863a9ec62f3be73
SSDEEP

384:r2j56wEwRkyInMS0Qep9Ci6BiaXlaW6D30jsuKJ42w0:ydhkhnN0jDCeNOsNRj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/afe45e40da95a97781a374d8eaa6f59415457b8980140aaff8d125327ae6d7cd.exe

Files

631b5e58e33fbc4070a8fd8f7667d9a9.bin
.zip

Password: infected
afe45e40da95a97781a374d8eaa6f59415457b8980140aaff8d125327ae6d7cd.exe
.exe .hta .js windows:10 windows x86 arch:x86 polyglot

Password: infected

ba072a972fe6c47c8cf7a0347bb0af7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

calc.pdb

Imports

shell32

ShellExecuteW

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter

msvcrt

_amsg_exit
__p__fmode
__setusermatherr
_initterm
_wcmdln
?terminate@@YAXXZ
_controlfp
_exit
exit
__p__commode
_XcptFilter
__set_app_type
_except_handler4_common
__wgetmainargs
_cexit

advapi32

EventSetInformation
EventWriteTransfer
EventRegister

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ba072a972fe6c47c8cf7a0347bb0af7a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

kernel32

msvcrt

advapi32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1024B

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 512B - Virtual size: 368B

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1024B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 512B - Virtual size: 368B