b5e461068c6541785981003a39db896e[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5e461068c6541785981003a39db896e.bin
Size

114KB
MD5

6c201b2fa5be468dbe3680f6e1f327d7
SHA1

21b04fee8888b483cdbd5cd5da5cdafb353e4012
SHA256

18f7a198303bb1e6de6e8a77da6fe65e3f30a6cb2788747cbe8449c550b3e4b1
SHA512

cfbab3a7c27064a2b311ed1d000ce9e65c57c0f28f378d71473a1904fe76792c3e2257dfee4f4320406dd6c914add0c288642fe20e75a7aa387077bce54046a4
SSDEEP

3072:etQBZAdpfE2io/NeLfT7oIeEmOrC0FWIdqy1mB37IUdZ:etQbOpfneLfT7oIVmOhWIdqy437IcZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6f01ddf4439d9c991cd846d6b9dc99c273a78fdda675bd1b3d60629fdd542199.exe

Files

b5e461068c6541785981003a39db896e.bin
.zip

Password: infected
6f01ddf4439d9c991cd846d6b9dc99c273a78fdda675bd1b3d60629fdd542199.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\430p9\obj\Release\NETCrypt.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ