e8e8efc99eb20de4fbe6201ad6f64185[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

e8e8efc99eb20de4fbe6201ad6f64185.bin
Size

14.5MB
MD5

5e95b18c73473129e6760a101dde4103
SHA1

1fc9297844ebd7c55ad615b6f3a100d2cc013e33
SHA256

977026dde5c962edf3d9697acdc7e2999753a4a90a9970f6a597dbfccc2a60eb
SHA512

e987b4314d43a1fff8ac84645074b7376c0ce5ae897dda6fa38e9096e0287177720fb9bbf1c0804b74c361c87b07bf42ff12f2b4e1a18f3ddf489ee297281a61
SSDEEP

393216:s0OdKgcXWr8qQYETbUmvdQxsPCE5GEORLbKl1:s0OkmgxX6xsPCmORLg1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/15d69ab1d05e98c462782c0af121990bc1bffa67593d3cb8b731e135f2210bb1.exe

Files

e8e8efc99eb20de4fbe6201ad6f64185.bin
.zip

Password: infected
15d69ab1d05e98c462782c0af121990bc1bffa67593d3cb8b731e135f2210bb1.exe
.exe windows:6 windows x64 arch:x64

Password: infected

bf4add444450dc805046132a4aed610d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileType
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

LoadCursorW

shell32

ShellExecuteW

dwmapi

DwmExtendFrameIntoClientArea

msvcp140

?setf@ios_base@std@@QEAAHHH@Z

imm32

ImmReleaseContext

d3d9

Direct3DCreate9Ex

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

crypt32

CertAddCertificateContextToStore

normaliz

IdnToAscii

wldap32

ord46

ws2_32

closesocket

rpcrt4

UuidToStringA

psapi

GetModuleInformation

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy

api-ms-win-crt-heap-l1-1-0

realloc

api-ms-win-crt-runtime-l1-1-0

abort

api-ms-win-crt-stdio-l1-1-0

setvbuf

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strspn

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

fmodf

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-locale-l1-1-0

localeconv

advapi32

CryptDestroyKey

Sections

.text
Size: - Virtual size: 727KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Ii(
Size: - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.FN"
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I0h
Size: 16.0MB - Virtual size: 16.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

bf4add444450dc805046132a4aed610d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

dwmapi

msvcp140

imm32

d3d9

d3dx11_43

crypt32

normaliz

wldap32

ws2_32

rpcrt4

psapi

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

advapi32

Sections

.text Size: - Virtual size: 727KB

.rdata Size: - Virtual size: 159KB

.data Size: - Virtual size: 1.8MB

.pdata Size: - Virtual size: 29KB

.Ii( Size: - Virtual size: 8.7MB

.FN" Size: 10KB - Virtual size: 10KB

.I0h Size: 16.0MB - Virtual size: 16.0MB

.reloc Size: 512B - Virtual size: 284B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 727KB

.rdata
Size: - Virtual size: 159KB

.data
Size: - Virtual size: 1.8MB

.pdata
Size: - Virtual size: 29KB

.Ii(
Size: - Virtual size: 8.7MB

.FN"
Size: 10KB - Virtual size: 10KB

.I0h
Size: 16.0MB - Virtual size: 16.0MB

.reloc
Size: 512B - Virtual size: 284B

.rsrc
Size: 512B - Virtual size: 480B