4828abd9d1245036b5193268ef6ba148[.]bin | Triage

Sharing

General

Target

4828abd9d1245036b5193268ef6ba148.bin
Size

1.9MB
MD5

6450ae23234e5672c18e1b1974d3f6f2
SHA1

4acc96635baa79cebf83c904391526cc0cf4774d
SHA256

0f0262f3b7a7a7c054097a0adb2dbb0318ebed6634a857d6c80fc5cbc2b7010d
SHA512

8974ae5e738cb87abeeec0c91b8299ffdde3c4dc2986af0bd79e589b29865e94e5c56b5ec2990add42bb77941527534a0759281292404f0f39dd834b9eda9062
SSDEEP

49152:mRY5ouMGNeKzzRHaMwpvuoEWNIfA6yMXCUppOPc:75on+eSxaDvuoEW+A6yMX7SE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/a2449bc80cef9117c5afeae850fad00f671e3ddffe8c0c4f32328686dead719a.exe

Files

4828abd9d1245036b5193268ef6ba148.bin
.zip

Password: infected
a2449bc80cef9117c5afeae850fad00f671e3ddffe8c0c4f32328686dead719a.exe
.exe windows:6 windows x86 arch:x86

Password: infected

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

Start

Sections

Size: 574KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zjmspsgn
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

urighjtk
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE