ca4c78e5b146a4eddfcde39610ff1943[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

ca4c78e5b146a4eddfcde39610ff1943.bin
Size

178KB
MD5

5dbc7b1aaa4266a0e720bdc01253e48f
SHA1

a1909527e4639266919599a3d6b9f3cb8b287c69
SHA256

c2ef273d0005b6503d90064c0fe9af1b4c65c970d49dd350691e7c8c5d9c1b1f
SHA512

f6d4ba130c0ff600cbde234d3ab23d248a663262e1ecd51d69f49ccb1e27b6c1d0880fa781efea84e8429c06509bc15c1acb0e040fdcf31b00e234efe181bb97
SSDEEP

3072:vTl+e5Jh1FlWW1qWxf0VhtRlxIdOeXklUpc6gX/pOCqWM0xM7kVIBnSlJ9B54zAL:vTke5wCqWxf0VhtRlxIdnJcNX//xMDd0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1c3448b78546786cd23b0642700e6c05b49c786f1bbf2f14c60cfff2b378736f.exe

Files

ca4c78e5b146a4eddfcde39610ff1943.bin
.zip

Password: infected
1c3448b78546786cd23b0642700e6c05b49c786f1bbf2f14c60cfff2b378736f.exe
.exe windows:5 windows x86 arch:x86

Password: infected

fee2e01e9ecb27c28da2b6fc37f265e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jozavuro\xorodilixit\54 m.pdb

Imports

kernel32

GlobalMemoryStatus
GetLocaleInfoA
LocalCompact
InterlockedDecrement
GetComputerNameW
CreateHardLinkA
GetSystemDefaultLCID
BackupSeek
GetTickCount
GetConsoleAliasesA
GetWindowsDirectoryA
EnumTimeFormatsW
GetUserDefaultLangID
SetCommState
GlobalAlloc
LoadLibraryW
ReadConsoleInputA
WriteConsoleW
GetModuleFileNameW
MultiByteToWideChar
GetLastError
ChangeTimerQueueTimer
SetLastError
GetThreadLocale
GetProcAddress
RemoveDirectoryA
SetFileAttributesA
BuildCommDCBW
LoadLibraryA
SetCalendarInfoW
GetExitCodeThread
AddAtomW
CreateEventW
GlobalFindAtomW
GetOEMCP
LoadLibraryExA
VirtualProtect
GetConsoleProcessList
GetTempPathA
GetVolumeInformationW
HeapAlloc
EncodePointer
DecodePointer
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
IsDebuggerPresent
IsValidCodePage
GetACP
GetCPInfo
GetCurrentThreadId
HeapFree
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
WriteFile
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
HeapSize
GetFileType
GetStartupInfoW
CloseHandle
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetStringTypeW
LoadLibraryExW
OutputDebugStringW
LCMapStringW
SetStdHandle
SetFilePointerEx
HeapReAlloc
CreateFileW

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 60.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

fee2e01e9ecb27c28da2b6fc37f265e9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 110KB - Virtual size: 60.0MB

.rsrc Size: 90KB - Virtual size: 89KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 110KB - Virtual size: 60.0MB

.rsrc
Size: 90KB - Virtual size: 89KB

.reloc
Size: 5KB - Virtual size: 4KB