095481b86d31bf49a325d3e98d2dc476[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

095481b86d31bf49a325d3e98d2dc476.bin
Size

130KB
MD5

ee988db7130f0827edec1c212addbc64
SHA1

af77a450542b863a82b9813acc2177f83e3637ff
SHA256

06da9837ecb1c5b1e927893568e907aa2b62d45abfd87387553c18f8e865fcd9
SHA512

31fe8fa4ab3b47675f7bdb0cad7bd4edafc6e0ff47bce37b601d2d56b537a754d1574469ef51e79a2eb9562488a0df2d8d6933b2c86f2fdb61e8b6a6d501fa2c
SSDEEP

3072:qS9ot2afSmVBzansideNibOt+UtOXjfSTCtNRzAqNT:qS9ogIL6yFCL1FMqNT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/db4defb73e7393df8472a1133abbdd60ac42a9ca063cf0e2c9eb7c2760eddc32.exe

Files

095481b86d31bf49a325d3e98d2dc476.bin
.zip

Password: infected
db4defb73e7393df8472a1133abbdd60ac42a9ca063cf0e2c9eb7c2760eddc32.exe
.exe windows:5 windows x86 arch:x86

Password: infected

2f726f40370b375fa05d60fc38904442

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFirmwareEnvironmentVariableA
GetModuleHandleW
GetProcessHeap
ReadConsoleW
GetDateFormatA
SetCommState
GlobalAlloc
GetVolumeInformationA
IsBadCodePtr
HeapDestroy
GetModuleFileNameW
GetProcAddress
GetLocaleInfoA
SetFileAttributesA
LoadLibraryA
SetConsoleCtrlHandler
SetConsoleDisplayMode
SetCurrentDirectoryW
SetConsoleTitleW
FreeEnvironmentStringsW
BuildCommDCBA
GetCurrentDirectoryA
ScrollConsoleScreenBufferA
FindAtomW
SetStdHandle
EnumCalendarInfoA
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetLastError
HeapFree
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateFileA
CloseHandle
FlushFileBuffers

advapi32

ReadEventLogA

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 38.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

2f726f40370b375fa05d60fc38904442

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 123KB - Virtual size: 122KB

.data Size: 10KB - Virtual size: 38.7MB

.rsrc Size: 28KB - Virtual size: 27KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 10KB - Virtual size: 38.7MB

.rsrc
Size: 28KB - Virtual size: 27KB