d1491c3f3189caa567e1c78ed9977ffe[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

d1491c3f3189caa567e1c78ed9977ffe.bin
Size

466KB
MD5

5e789112b607897397cc4842688840d7
SHA1

8e8eeb05142dbab02122d650b88bbd7f2f601a28
SHA256

b5ada2e163b624d5ce206d1438c012b08e9217b32313922905b1e58d946f2e3c
SHA512

3bf5b4204f9a21d7a7cfcf1a52730ff26337ecdd52ce08ca495d5ffd6d97df1b7b091232978a763c34a9766b9f8040c92ceb92b8b0570143def842af0a838201
SSDEEP

12288:PuXjG0IlR1jlSo3LSOMe4F8evaGGaT7QQt0WvM:2TGFlpLSOMbF8eva9ant90

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4fae997375f3f1bbffd1e67d728d286d7b7c52e504742d1db89a9e19fe157cf7.exe

Files

d1491c3f3189caa567e1c78ed9977ffe.bin
.zip

Password: infected
4fae997375f3f1bbffd1e67d728d286d7b7c52e504742d1db89a9e19fe157cf7.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f6190d214c9f2a179a7a632c469d27b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteW
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
FindExecutableW

user32

GetSysColor
GetClientRect
SetRect
EndPaint
LoadCursorA
CharUpperBuffA
GetLastActivePopup
ShowWindow
PostMessageA
SendMessageA
EnableWindow
SetWindowTextA
SetForegroundWindow
SetActiveWindow
GetKeyState
MessageBoxW
GetParent
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
BeginPaint
UpdateWindow
LoadStringA
MessageBoxA
GetWindowLongA
SetWindowLongA
wsprintfA
SetTimer
KillTimer
DialogBoxParamA
GetDlgItemTextA
EndDialog
GetWindowRect
GetSystemMetrics
SetWindowPos
PeekMessageA
TranslateMessage
DispatchMessageA
SetCursor
CharNextA
SetWindowWord
GetWindowWord
DefWindowProcA
RegisterClassA
InvalidateRect

kernel32

GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
Sleep
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
lstrcatA
FindClose
FindFirstFileA
GetCurrentDirectoryA
CreateDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
LocalAlloc
GetDriveTypeA
lstrcpyA
_lclose
GlobalLock
GlobalAlloc
lstrlenA
GlobalFree
GlobalUnlock
GlobalHandle
GetEnvironmentVariableA
LocalFree
_llseek
_lread
_lopen
CloseHandle
WriteFile
CreateFileA
ExitProcess
GetModuleHandleA
_lcreat
GetVolumeInformationA
MultiByteToWideChar
CreateProcessW
lstrlenW
GetWindowsDirectoryA
lstrcmpiA
GlobalMemoryStatus
GetVersion
GetVersionExA
GetModuleFileNameA
GetSystemTime
_lwrite
SetErrorMode
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
FlushFileBuffers
SetCurrentDirectoryA
GetModuleFileNameW
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
TerminateProcess
GetCurrentProcess

gdi32

SetTextColor
SetTextAlign
GetBkColor
GetTextExtentPoint32A
ExtTextOutA
CreateDCA
GetDeviceCaps
CreateFontIndirectA
DeleteDC
SelectObject
DeleteObject
SetBkColor

advapi32

RegQueryValueW

comctl32

ord17

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

_winzip_
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f6190d214c9f2a179a7a632c469d27b7

Headers

DLL Characteristics

File Characteristics

Imports

shell32

user32

kernel32

gdi32

advapi32

comctl32

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 40KB - Virtual size: 36KB

.reloc Size: 8KB - Virtual size: 5KB

_winzip_ Size: 412KB - Virtual size: 412KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 40KB - Virtual size: 36KB

.reloc
Size: 8KB - Virtual size: 5KB

_winzip_
Size: 412KB - Virtual size: 412KB