b5918b712c234a237d0c1e1f56a9cfa8[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5918b712c234a237d0c1e1f56a9cfa8.bin
Size

114KB
MD5

c8672104199193b805a4f971628bf55b
SHA1

b1ec67883ddcbbb2252f4f07239a7ee9c795ee48
SHA256

45b87d618bd3cd3f8053dad43149cb528108bfb16cc348f0de2606d30a81814d
SHA512

f58a6d7a5b1c3b28ca08d50f9f47f0e2ba27d7fb720fc2b02610b2bdfee6861edf4b1830a966a7b2b831e827d53b703c04bf407a0cf863665a618607c62c9316
SSDEEP

3072:dKdL64XVpsiOPv9VNogiTMzPAELjJsnzBiT3qXlxEgD9Mf:dkVE1/ogPT/Jiwryxu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a227fd914e500a9e273c986130667bb4f2e55150cd98844550c3b4ead6b7fa53.exe

Files

b5918b712c234a237d0c1e1f56a9cfa8.bin
.zip

Password: infected
a227fd914e500a9e273c986130667bb4f2e55150cd98844550c3b4ead6b7fa53.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\hkzpb377qcv\obj\Release\NETCrypt.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ