80f37aa08616f20c3fd7a480b78de698[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

80f37aa08616f20c3fd7a480b78de698.bin
Size

6.2MB
MD5

7926702c0040d8c93e133699b89f9682
SHA1

c840fbafbc640a76668bdd084f971b1408e08685
SHA256

1ecb2e2f11d838778513a27f4d0b94bf17aea73c17ef9ea58ecbf5116285ecd2
SHA512

0fa31ca1bb0cdc7f7044a515ac09ba647f199e19f0984efea44c271e87166ba7b729bed2c441ba860883efaaebf31d8322ec303f55c5146716f2f35f038afe8c
SSDEEP

98304:Y48MfZr+U14vn654d8LxVfMf3brQBcatWfiysYbpji/kJ91JIx2:Y48MfV12TXratWfMYRi/kJIg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b043312b27b03beabfec2c70d8e36e099522b49a12e70da0cdd5dcff86b3912c.exe

Files

80f37aa08616f20c3fd7a480b78de698.bin
.zip

Password: infected
b043312b27b03beabfec2c70d8e36e099522b49a12e70da0cdd5dcff86b3912c.exe
.exe windows:6 windows x86 arch:x86

Password: infected

7649bdb702869dd598eb0596dc791dc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
LocalAlloc
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

wsprintfA
GetProcessWindowStation

gdi32

CreateCompatibleBitmap

advapi32

RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoInitialize

ws2_32

WSAStartup

crypt32

CryptUnprotectData

shlwapi

PathFindExtensionA

gdiplus

GdipGetImageEncoders

setupapi

SetupDiEnumDeviceInfo

ntdll

RtlUnicodeStringToAnsiString

rstrtmgr

RmStartSession

Exports

Exports

Start

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MZ5120
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MZ5121
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp]¬P
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp]¬P
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp]¬P
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 802B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

7649bdb702869dd598eb0596dc791dc2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

crypt32

shlwapi

gdiplus

setupapi

ntdll

rstrtmgr

Exports

Exports

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 161KB

.data Size: - Virtual size: 18KB

.MZ5120 Size: - Virtual size: 1.6MB

.MZ5121 Size: - Virtual size: 1.9MB

.vmp]¬P Size: - Virtual size: 1.8MB

.vmp]¬P Size: 1024B - Virtual size: 1008B

.vmp]¬P Size: 6.3MB - Virtual size: 6.3MB

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 802B

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 161KB

.data
Size: - Virtual size: 18KB

.MZ5120
Size: - Virtual size: 1.6MB

.MZ5121
Size: - Virtual size: 1.9MB

.vmp]¬P
Size: - Virtual size: 1.8MB

.vmp]¬P
Size: 1024B - Virtual size: 1008B

.vmp]¬P
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 802B