1938a3545517650824657fd09ce4ee16[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

1938a3545517650824657fd09ce4ee16.bin
Size

79KB
MD5

613820851867d693e7140ac59bcd5ad0
SHA1

59d22a3352ad3de0dc8796bdbcc4c22ed565e11c
SHA256

3b1c55ad67b8f4038dd498b9bd392acaffe9ba2a6bcee8887072f16daeacc4f3
SHA512

75458960091ba675e14324f9d208b9e2ab50559330e1c255eba314f007a7f869bac9ef0eb4fb813e985f7827e58bd20960a89cc76511539a009bdd1f475d9337
SSDEEP

1536:40WdaF4MI/gk4Su/0BJMFxPMRZ+YJUDfa1Out6n2jYuvR5gSq2L:JWs7k4uMLuUK62jYEbgh2L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/602dbcf4008c585582d5e5d5c8ddb1932fdee07a14308e9cbf937904f31df1f7.exe

Files

1938a3545517650824657fd09ce4ee16.bin
.zip

Password: infected
602dbcf4008c585582d5e5d5c8ddb1932fdee07a14308e9cbf937904f31df1f7.exe
.exe windows:6 windows x64 arch:x64

Password: infected

f9a28c458284584a93b14216308d31bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetEvent
WriteConsoleW
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLastError
ProcessIdToSessionId
CreateEventW
GetCurrentProcess
AllocConsole
GetConsoleWindow
CreateProcessW
GetProcessHeap
SetStdHandle
HeapAlloc
FreeConsole
CloseHandle
TerminateThread
CreateFileW
WaitForSingleObject
GetModuleFileNameW
TerminateProcess
HeapReAlloc
HeapSize
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCPInfo
GetStdHandle
HeapFree
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
WriteFile
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
WideCharToMultiByte

advapi32

OpenProcessToken
RegOpenKeyExW
RegEnumKeyW
CopySid
GetLengthSid
DuplicateTokenEx
LookupAccountSidW
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
PrivilegeCheck
SetTokenInformation
CreateProcessWithTokenW
ImpersonateLoggedOnUser
LogonUserW
RegCloseKey
CreateProcessAsUserW
RegGetValueW

ole32

CreateObjrefMoniker
CoInitializeSecurity
CoGetInstanceFromIStorage
StgCreateDocfileOnILockBytes
CoTaskMemFree
CreateBindCtx
CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromString
CoTaskMemAlloc
CreateILockBytesOnHGlobal

crypt32

CryptStringToBinaryW

rpcrt4

RpcServerRegisterAuthInfoW
RpcServerUseProtseqEpW

secur32

InitSecurityInterfaceW
QuerySecurityContextToken
AcceptSecurityContext

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f9a28c458284584a93b14216308d31bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

crypt32

rpcrt4

secur32

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB