a7efa1a450a8e594e78db49b8e496dfb[.]bin | Triage

Resubmissions

23/04/2024, 20:02

240423-ysff1sbd89 10

22/04/2024, 19:41

240422-yd3yrsfc54 10

21/04/2024, 01:35

240421-bzyjvaff78 10

Sharing

Copy URL Twitter E-mail

General

Target

a7efa1a450a8e594e78db49b8e496dfb.bin
Size

2.4MB
MD5

b1fe5eeb6293f2744b56acab9658a62e
SHA1

4a7595ead2335c0b3a38471e68e04e6d62d597e3
SHA256

8ada05694d1491267ea4dae764af31437172eed243c7afb9b2d3332db995c2ef
SHA512

2bcad31909f4c557deaf7973a2afc20f16af7069907cf40ade71238de624de5e1e67de0f98c4ca4e9588107c95e6fe8c12814c283799680bbc15fbd4cea762d7
SSDEEP

49152:tiklOVcHjeYUDQyr0cZ/C8fbCsvVlty02+foskT55hDLY4qmH3pYCkvJ2AcAJv:j5HjeYaecz20Vlty09Q55hDLPqY3gJZZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/460e3932c1f76c83aeb5f294a84c5a2343d05bf40afadd3edae8c561f26f9ab3.exe

Files

a7efa1a450a8e594e78db49b8e496dfb.bin
.zip

Password: infected
460e3932c1f76c83aeb5f294a84c5a2343d05bf40afadd3edae8c561f26f9ab3.exe
.exe windows:1 windows x86 arch:x86

Password: infected

140094f13383e9ae168c4b35b6af3356

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ExitProcess
GetComputerNameA
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
SetErrorMode
Sleep
VirtualAllocExNuma

shlwapi

PathFindFileNameA

msvcrt

malloc
free
memset
strcmp
_strcmpi
strcpy

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ