f70ea3e3ab37bd563f0af05b2c7ff141[.]bin | Triage

Sharing

General

Target

f70ea3e3ab37bd563f0af05b2c7ff141.bin
Size

32KB
MD5

697702cc0a5bcac7b9a3d2beb09847da
SHA1

e96b10d06f17f1bf78272ec118056cb8a4925720
SHA256

1f22fdda6129e2dea31b9cda74a6a02270c1bb4781f94a5cb34a4f99eee44cb1
SHA512

066d8134aa4962095105cbee69f998bcf80c8e38db0b369031b695d2d2b58339334a57cc342993d0c6691865b49d4e04a1ea4f9d808b64e232d31a3a85e9d235
SSDEEP

768:XZ6IWnDNeyL6LGfrvT8sSzW1pJuLlAESATIb/w8/JthcUb1nOpXt6Q:XxOL5vT8nW3JQlAESA8b/TL6U5w6Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ef74f6ab71ef01a876c621a62c2337a6d7784b147b0a88d413b3f9ec4d81e9e2.exe

Files

f70ea3e3ab37bd563f0af05b2c7ff141.bin
.zip

Password: infected
ef74f6ab71ef01a876c621a62c2337a6d7784b147b0a88d413b3f9ec4d81e9e2.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

J:\WINTECH\WinInvoice_SignerDownload\WinInvoice_SignerDownload\obj\Debug\WinInvoice_SignerDownload.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ