4f3a640c8c8023d28833f0db2ee042e9[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

4f3a640c8c8023d28833f0db2ee042e9.bin
Size

244KB
MD5

40c28824ac6b65aab1d6cdbc4aebf99b
SHA1

707d3b275bf51c1a3f921b7b70e68c235ade40bc
SHA256

5d67849d4d1480f4d690544724ee6d8adcb34a9ee1262c27b141b756ad6d6938
SHA512

5f05ecaccef6d9852b278187acfa5e5e5a24da807e18349c63a772db3ae862164fdcb59f0487a09e85baaf199b08fff47948e5d259b35950bd2c89fd6548bea1
SSDEEP

6144:basJtjejMLO17qYH6Nxt/+XQYMi0aNXnVW6x:bBt+MLO1OYad+gYv00XnVlx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b99842693e7d6fb2a621a278b2b336ca60c260c92c14286507468b829c9ede70.exe

Files

4f3a640c8c8023d28833f0db2ee042e9.bin
.zip

Password: infected
b99842693e7d6fb2a621a278b2b336ca60c260c92c14286507468b829c9ede70.exe
.exe windows:5 windows x86 arch:x86

Password: infected

c85621604a397e488423155048882e50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
GlobalMemoryStatus
SetFilePointer
SetComputerNameExA
LoadLibraryExW
GetConsoleAliasA
InterlockedDecrement
SetComputerNameW
SetCommBreak
CreateHardLinkA
LockFile
GetModuleHandleW
GetTickCount
GetWindowsDirectoryA
EnumTimeFormatsA
SetCommState
GetSystemDirectoryW
GetVolumeInformationA
GlobalFindAtomA
LoadLibraryW
GetLocaleInfoW
ReadConsoleInputA
GetACP
InterlockedExchange
OpenMutexW
GetLastError
SetLastError
BackupRead
GetProcAddress
RemoveDirectoryA
WriteConsoleA
LocalAlloc
SetConsoleOutputCP
CreateEventW
AddAtomA
BuildCommDCBA
VirtualProtect
GetTempPathA
SetFileAttributesW
CommConfigDialogW
CloseHandle
CreateFileW
WriteConsoleW
GetStringTypeW
HeapFree
EncodePointer
DecodePointer
IsProcessorFeaturePresent
ReadFile
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
RaiseException
RtlUnwind
IsDebuggerPresent
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetProcessHeap
HeapSize
SetFilePointerEx
GetConsoleMode
ReadConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
GetModuleFileNameW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentThreadId
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
HeapReAlloc
LCMapStringW
SetStdHandle
FlushFileBuffers
OutputDebugStringW
SetEndOfFile

user32

GetSysColorBrush
SetMessageExtraInfo
SetMenu

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 33.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

c85621604a397e488423155048882e50

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 66KB - Virtual size: 66KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 180KB - Virtual size: 33.4MB

.rsrc Size: 45KB - Virtual size: 44KB

.text
Size: 66KB - Virtual size: 66KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 180KB - Virtual size: 33.4MB

.rsrc
Size: 45KB - Virtual size: 44KB