f29bb9918f3803046c2bab24c20b458d[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

f29bb9918f3803046c2bab24c20b458d.bin
Size

739KB
MD5

aeb41a87874ac55cca654bbc82850bc5
SHA1

9f570c01e4491dde7d4143afc6c9fe13c9952be7
SHA256

1af02f18538aa3cecaf6fb0092cc285c50dba4c8ef3e7f52fcd24422ddceda3b
SHA512

fdad925be32219118bdcea1562f7f2d2f36edbb6a74c42fd9a8a3e147af31c027ad1915c6be459d18f12f5a7b9a1afab809c0f49f39392b2c283675cde40772d
SSDEEP

12288:0SfwlHR8/AJWMRem5JIje8xGm/viydKFsvBQAu8e6dL2:0fzkAJxNJIu66ydksvBNne6dL2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/b84760ded0544c86d23849130082b99c3000b1e4ca5da0690fcdfbf2771b7993.exe

Files

f29bb9918f3803046c2bab24c20b458d.bin
.zip

Password: infected
b84760ded0544c86d23849130082b99c3000b1e4ca5da0690fcdfbf2771b7993.exe
.exe windows:5 windows x86 arch:x86

Password: infected

eb67be19b81b44ee5931ef078192d536

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DebugActiveProcess
GetDateFormatW
CreateFileA
GetConsoleAliasesLengthW
GetNumaProcessorNode
GetLocaleInfoA
HeapAlloc
InterlockedIncrement
HeapFree
CreateHardLinkA
ConnectNamedPipe
GetModuleHandleW
FindNextVolumeMountPointA
ReadConsoleOutputA
GetUserDefaultLangID
GlobalAlloc
LoadLibraryW
GetConsoleAliasExesLengthW
lstrcpynW
GetAtomNameW
LocalHandle
SetConsoleTitleA
WritePrivateProfileStringW
GetThreadLocale
GetProcAddress
GetLongPathNameA
SetComputerNameA
SetCalendarInfoW
SetConsoleDisplayMode
GlobalFindAtomW
GetModuleFileNameA
HeapSetInformation
VirtualProtect
GetCurrentDirectoryA
DeleteCriticalSection
FindAtomW
GetSystemTime
SetFileAttributesW
CreateFileW
EncodePointer
DecodePointer
ExitProcess
GetCommandLineW
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
EnterCriticalSection
LeaveCriticalSection
Sleep
HeapSize
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
HeapReAlloc
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
ReadFile
CloseHandle

user32

GetMonitorInfoW
CopyRect
LoadIconA

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 727KB - Virtual size: 727KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 39.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

eb67be19b81b44ee5931ef078192d536

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 727KB - Virtual size: 727KB

.data Size: 10KB - Virtual size: 39.2MB

.rsrc Size: 37KB - Virtual size: 37KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 727KB - Virtual size: 727KB

.data
Size: 10KB - Virtual size: 39.2MB

.rsrc
Size: 37KB - Virtual size: 37KB