72d4eeccd277aafbcf4cab0dcd452dc2[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

72d4eeccd277aafbcf4cab0dcd452dc2.bin
Size

277KB
MD5

5cda6e4e45db3cdffaf5316e30bbd897
SHA1

6ad601ed8c4aca8a3ac23e23898a235208ce3f5c
SHA256

0b17721c4d9f58af8fbd32484a479225a43d66ae66fd764c0cbff5e10a5f442b
SHA512

1da35bb5a0d817af86096f66ce8678ccaee925890a33f7a2ca24c3c39d0538c98c4f3c86a96a1afe6f5dc12689fcdb9c17de799b36297cca5dbf1c4c4870d8c7
SSDEEP

6144:qTCwXIdFGU/qh305SwvZTaLyKE2MuiU2Fv5XWOij8Dd:qTrXI/GUyN+FaOx2Mui1BD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/21813d70000dd1dd0913067a7e9be3f08e61f4474d6a2a4825ef19ec29a28d5a.exe

Files

72d4eeccd277aafbcf4cab0dcd452dc2.bin
.zip

Password: infected
21813d70000dd1dd0913067a7e9be3f08e61f4474d6a2a4825ef19ec29a28d5a.exe
.exe windows:5 windows x86 arch:x86

Password: infected

ec3abec3d94db3f742ac97930ba3d6d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalUnlock
GetDateFormatW
HeapReAlloc
GetConsoleAliasesLengthW
HeapFree
SetComputerNameW
GetModuleHandleW
GetUserDefaultLangID
GlobalAlloc
LoadLibraryW
GetLocaleInfoW
GetConsoleAliasExesLengthW
WriteConsoleOutputA
GetAtomNameW
CreateFileW
WritePrivateProfileStringW
GetThreadLocale
GetProcAddress
GetLongPathNameA
HeapSize
LoadLibraryA
CreateHardLinkW
FindFirstVolumeMountPointW
SetConsoleOutputCP
FindAtomA
GlobalFindAtomW
CreatePipe
GetModuleFileNameA
SetConsoleTitleW
HeapSetInformation
GetCurrentDirectoryA
DeleteCriticalSection
SetCalendarInfoA
SetFileAttributesW
HeapAlloc
GetLastError
ExitProcess
DecodePointer
GetCommandLineW
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
RtlUnwind
MultiByteToWideChar
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
FlushFileBuffers
ReadFile
CloseHandle

user32

GetMonitorInfoW
LoadIconA

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 39.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ec3abec3d94db3f742ac97930ba3d6d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 265KB - Virtual size: 265KB

.data Size: 10KB - Virtual size: 39.2MB

.rsrc Size: 38KB - Virtual size: 38KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 265KB - Virtual size: 265KB

.data
Size: 10KB - Virtual size: 39.2MB

.rsrc
Size: 38KB - Virtual size: 38KB