b6e4dc4fd0cc50fbb1236fe1108b886d[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

b6e4dc4fd0cc50fbb1236fe1108b886d.bin
Size

208KB
MD5

e80af8e1e0ccdd041677cb9917ed098b
SHA1

b8ee5b28195ea8863779f2932ec4f5765181a9f5
SHA256

581c97fa9e83dc6acd910e49ccbc71c6f49245fbb35a5ea16eaeaaa344a3a7f7
SHA512

77cf33a91d7c1b4e3c25b258c024245fa0774ecc3dca29789d5878fe3f8ce38a1dd279d13dcfb7694b3a7d322425b5ee844463c6ac58e0668faee4a2c3c3782c
SSDEEP

6144:vVldg/fB9n9XGS0NRfdNc68NB2Luud/TWc1a:dafgSCRFNc68NB0BTbU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/114aa6cb595ed49423707788c3a06a79e250d23d0615108cbb3fb5bdd20af5c8.exe

Files

b6e4dc4fd0cc50fbb1236fe1108b886d.bin
.zip

Password: infected
114aa6cb595ed49423707788c3a06a79e250d23d0615108cbb3fb5bdd20af5c8.exe
.exe windows:5 windows x86 arch:x86

Password: infected

5ec6dee0bb8cb06d2e2fd45ee1c1fbf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\sumapo.pdb

Imports

kernel32

GetNumaProcessorNode
GetLocaleInfoA
LoadLibraryExW
GetTickCount
CreateRemoteThread
GetWindowsDirectoryA
GetVolumeInformationA
LoadLibraryW
ReadConsoleInputA
ReadProcessMemory
WriteConsoleW
GetModuleFileNameW
GetCompressedFileSizeA
GetTempPathW
SetThreadLocale
GetLastError
FindVolumeMountPointClose
VirtualAlloc
FindFirstChangeNotificationW
CopyFileA
SetStdHandle
SetFileAttributesA
LoadLibraryA
WriteConsoleA
LocalAlloc
SetCalendarInfoW
CreateHardLinkW
GetExitCodeThread
GetNumberFormatW
AddAtomW
RemoveDirectoryW
GlobalFindAtomW
GetOEMCP
VirtualProtect
AddConsoleAliasA
CreateFileW
CreateTimerQueueTimer
GetSystemDefaultLangID
OutputDebugStringW
FlushFileBuffers
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapFree
IsProcessorFeaturePresent
GetCommandLineA
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetCurrentThreadId
IsDebuggerPresent
GetProcessHeap
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetFileType
CloseHandle
GetModuleFileNameA
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
ReadFile
SetFilePointerEx
GetConsoleCP
GetConsoleMode

user32

GetMenuItemID

gdi32

GetCharacterPlacementW

winhttp

WinHttpConnect

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 138KB - Virtual size: 21.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

5ec6dee0bb8cb06d2e2fd45ee1c1fbf4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winhttp

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 138KB - Virtual size: 21.9MB

.rsrc Size: 59KB - Virtual size: 58KB

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 138KB - Virtual size: 21.9MB

.rsrc
Size: 59KB - Virtual size: 58KB