d2f5b66ab0cf13771e89fe1656c89947[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2f5b66ab0cf13771e89fe1656c89947.bin
Size

32KB
MD5

892c317641e3fb6386695b0b978c2c6c
SHA1

5cf8a3c38ce4444698946e3f69dc69fe5d21ebd8
SHA256

13943b0f50b45fb1d280b76f272526f357b3b59bba02fe0d4bed3aed46feb728
SHA512

a89ca3195c8ba08d4f3ef0621bc15e5b54c03b7747803e06f4b7bed89b46e3c1d7a729b1e99fb6259b60e2edf70dec9bb2847b4fa06a27afd8ad5ed023541c92
SSDEEP

768:sEFwsfAu+ZR/UN09vOQrOD7t0yhV3c6otbP8XVcBR:/GQWX9vO+Od0sM6QkXWBR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9aeb0906f67c78e464029d5af304c60b9cdb3492a4121e14454331af8e5c60bc.exe

Files

d2f5b66ab0cf13771e89fe1656c89947.bin
.zip

Password: infected
9aeb0906f67c78e464029d5af304c60b9cdb3492a4121e14454331af8e5c60bc.exe
.exe windows:4 windows x86 arch:x86

Password: infected

3692d664d063c430bc70000eda71cfd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
CreateProcessA
Sleep
WaitForSingleObject
ReleaseMutex
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
CloseHandle
GetModuleFileNameA
GetCurrentDirectoryA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
GetTickCount
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
OpenMutexA
IsBadReadPtr
SetConsoleTitleA

user32

PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetMessageA

msvcrt

rand
tolower
??3@YAXPAX@Z
srand
strrchr
_ftol
strchr
atoi
memmove
malloc
free
fclose
fread
rewind
ftell
fseek
fopen
fwrite

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ