1b5058c908a0644e00c5d4cffadc848b[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

1b5058c908a0644e00c5d4cffadc848b.bin
Size

1.8MB
MD5

c580c0e54b0cfa5b0aba6710ea698f7b
SHA1

d36cb20c4b288faed0c8413f57a4f9405775842e
SHA256

c9d29d1e968e96f21fe97c8a717e1115af75754660a2852d3052a0060d0774a5
SHA512

93903447e98e22f39f44274094f2254ea276a13871b4eca94edfa104def801d0ee8d2d07d0ce3e01a6ab6fa281d9dd5dac4d8b3773e2ed7215c4c36e60b3ad6d
SSDEEP

49152:JlxO6K7gj1cM7GOjLmVLjlMjH/blAGKGT:JlbGgj117hLKGKGT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/96f1c775ee491b26a4c116033aa310f1b52a8a861085bdf8d24dfd5fc99bbca2.exe

Files

1b5058c908a0644e00c5d4cffadc848b.bin
.zip

Password: infected
96f1c775ee491b26a4c116033aa310f1b52a8a861085bdf8d24dfd5fc99bbca2.exe
.exe windows:5 windows x86 arch:x86

Password: infected

8c22317ce05558d5841ed29ad4374b78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\topupinevif\guverokoru_tikuruk54-fudasuhe.pdb

Imports

kernel32

CommConfigDialogA
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
BackupSeek
GetModuleHandleW
GetWindowsDirectoryA
EnumTimeFormatsA
SetCommState
GlobalAlloc
LoadLibraryW
TerminateThread
GetLocaleInfoW
GetConsoleAliasW
WriteConsoleW
GetModuleFileNameW
GetSystemDirectoryA
GetACP
MultiByteToWideChar
GetFullPathNameA
GetConsoleOutputCP
GetLastError
SetLastError
GetProcAddress
CreateHardLinkW
CreateEventW
AddAtomA
GlobalFindAtomW
GlobalUnWire
BuildCommDCBA
VirtualProtect
GetVersionExA
ReadConsoleInputW
GetCurrentProcessId
SetFileAttributesW
GetVolumeInformationW
GetTempPathW
GetComputerNameA
EncodePointer
DecodePointer
ReadFile
GetCommandLineW
RaiseException
RtlUnwind
IsProcessorFeaturePresent
IsDebuggerPresent
HeapFree
HeapAlloc
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapSize
EnterCriticalSection
LeaveCriticalSection
SetFilePointerEx
GetConsoleMode
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
CloseHandle
GetCurrentThreadId
GetProcessHeap
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetOEMCP
GetCPInfo
HeapReAlloc
LCMapStringW
SetStdHandle
GetConsoleCP
FlushFileBuffers
OutputDebugStringW
GetStringTypeW
CreateFileW

gdi32

DeleteMetaFile

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 23.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

8c22317ce05558d5841ed29ad4374b78

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 1.7MB - Virtual size: 23.5MB

.rsrc Size: 87KB - Virtual size: 86KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 1.7MB - Virtual size: 23.5MB

.rsrc
Size: 87KB - Virtual size: 86KB