7ceb3e676313c920a35ad525ce9b9fe7[.]bin

Resubmissions

11/04/2024, 06:12

240411-gyhd5aha2v 8

11/04/2024, 05:44

11/04/2024, 05:39

11/04/2024, 05:39

11/04/2024, 05:39

07/04/2024, 08:11

07/04/2024, 08:11

07/04/2024, 08:11

07/04/2024, 08:10

06/01/2024, 03:08

Sharing

Copy URL Twitter E-mail

General

Target

7ceb3e676313c920a35ad525ce9b9fe7.bin
Size

2.5MB
MD5

ac9444b15b18c3b2ba0321ba92913758
SHA1

fb59b20a60bd5d6f045dc6165f2a912fcb3b1a5a
SHA256

fafee4f33684bb321a19bbefa14ff847ad2f3b89711952ad5db5a2d8e34bf02a
SHA512

43a8ded299992d52f4ab217b5cce9882f8525d804939843df0b8e4c538b63814fae35c422bfa6c1b55d18c719d038219dbeda3c9aef9db1c7a486f0175204709
SSDEEP

49152:IaQNtyUNljrtx+Zzwq5lSzI/fDjXgtsvGyGJ8cah3d+ItboAipKs3fFcX:mtykljrtxC86B7DgevAqcw+ItboTo1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f38327b8c73b8f9b205f8ac447f83c7a6b425908283bb68bf742827248dd4f32.exe

Files

7ceb3e676313c920a35ad525ce9b9fe7.bin
.zip

Password: infected
f38327b8c73b8f9b205f8ac447f83c7a6b425908283bb68bf742827248dd4f32.exe
.exe windows:6 windows x64 arch:x64

Password: infected

cd806fdd2f34e34aec292e0e944bba10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegGetValueA

kernel32

K32GetModuleFileNameExW
SetThreadPriority
GetTempPathW
lstrlenA
CreateMutexA
GetVolumeInformationA
WaitForSingleObject
CreateFileW
ReleaseMutex
lstrcatA
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetLastError
Process32NextW
CreateFileA
GetCurrentThread
LoadLibraryA
GetModuleFileNameW
DeleteFileA
lstrcpyA
Process32FirstW
CloseHandle
GetNativeSystemInfo
CreateThread
GetWindowsDirectoryA
HeapAlloc
GetWindowsDirectoryW
GetProcAddress
ExitProcess
GetProcessHeap
CreateProcessW
FreeLibrary
CopyFileW
WinExec
GetTempFileNameW
IsBadReadPtr
QueryPerformanceCounter
HeapSize
FlushFileBuffers
TerminateProcess
VirtualAlloc
WriteFile
GetCurrentProcess
VirtualFree
SetLastError
HeapFree
VirtualProtect
GetModuleFileNameA
lstrcatW
CreateDirectoryW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
WriteConsoleW
SetFilePointerEx
SetStdHandle
LCMapStringW
GetConsoleMode
GetConsoleOutputCP
WideCharToMultiByte
HeapReAlloc
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
GetModuleHandleExW
GetFileType
GetStdHandle
MultiByteToWideChar

shell32

ShellExecuteExW

shlwapi

StrStrIA
StrStrIW

secur32

GetUserNameExA

wininet

HttpQueryInfoA
HttpOpenRequestA
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetReadFile
InternetConnectA

ws2_32

select
inet_addr
WSAStartup
setsockopt
ioctlsocket
htons
getsockopt
recv
connect
socket
__WSAFDIsSet
WSACleanup
send
closesocket
WSAGetLastError

Sections

.text
Size: 144KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.SCY
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

cd806fdd2f34e34aec292e0e944bba10

Headers

File Characteristics

Imports

advapi32

kernel32

shell32

shlwapi

secur32

wininet

ws2_32

Sections

.text Size: 144KB - Virtual size: 148KB

.rdata Size: 56KB - Virtual size: 60KB

.data Size: 5.0MB - Virtual size: 6.0MB

.pdata Size: 7KB - Virtual size: 8KB

.tls Size: 7KB - Virtual size: 12KB

.SCY Size: 3KB - Virtual size: 4KB

.text
Size: 144KB - Virtual size: 148KB

.rdata
Size: 56KB - Virtual size: 60KB

.data
Size: 5.0MB - Virtual size: 6.0MB

.pdata
Size: 7KB - Virtual size: 8KB

.tls
Size: 7KB - Virtual size: 12KB

.SCY
Size: 3KB - Virtual size: 4KB