dd49b01b20c449788ebd53a85934696b[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

dd49b01b20c449788ebd53a85934696b.bin
Size

180KB
MD5

c92801290dba128fa8c1fc787dfa8097
SHA1

f38b26d31fea046d924c9f91ba12518d0e9d6957
SHA256

a4e260769ec7bc363d90dd1b9d5f7b62bf9596014ca9dc35f14e9d532c23f87f
SHA512

a75732366c909cda3061c22f41791362ec167567ce7443b9aafeaef90a908f5fec800bedf099d7563699c79fe150e1df6032f5fbd6eea0c4f9a890d20f943fcb
SSDEEP

3072:MOdLZcjvMUurVK3wgCJpVlvP9NrKEqdUrJ6bQo85Cnz48kOIlFrwox8FkW55TZMR:VZmQVjXl9Nrjq8J6bJQCnc8kFn5x8CWs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ff8f82b43811e61b65d707f35cac31af19e0fa5d7a15e920e665524a18ca1fdf.exe

Files

dd49b01b20c449788ebd53a85934696b.bin
.zip

Password: infected
ff8f82b43811e61b65d707f35cac31af19e0fa5d7a15e920e665524a18ca1fdf.exe
.exe windows:5 windows x86 arch:x86

Password: infected

c7c40a60900333ddf55dd487e2300ddd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
GlobalMemoryStatus
SetFilePointer
SetComputerNameExA
GetConsoleAliasA
InterlockedDecrement
SetComputerNameW
SetCommBreak
CreateHardLinkA
LockFile
GetModuleHandleW
GetTickCount
GetWindowsDirectoryA
EnumTimeFormatsA
SetCommState
GetVolumeInformationA
GlobalFindAtomA
LoadLibraryW
GetLocaleInfoW
ReadConsoleInputA
GetSystemDirectoryA
GetACP
InterlockedExchange
OpenMutexW
GetLastError
SetLastError
BackupRead
GetProcAddress
RemoveDirectoryA
BuildCommDCBW
WriteConsoleA
LocalAlloc
SetConsoleOutputCP
CreateEventW
AddAtomA
LoadLibraryExA
VirtualProtect
GetTempPathA
SetFileAttributesW
CommConfigDialogW
CloseHandle
CreateFileW
WriteConsoleW
GetStringTypeW
HeapFree
EncodePointer
DecodePointer
IsProcessorFeaturePresent
ReadFile
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
RaiseException
RtlUnwind
IsDebuggerPresent
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetProcessHeap
HeapSize
SetFilePointerEx
GetConsoleMode
ReadConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
GetModuleFileNameW
LoadLibraryExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
HeapReAlloc
LCMapStringW
SetStdHandle
FlushFileBuffers
OutputDebugStringW
SetEndOfFile

user32

GetSysColorBrush
SetMessageExtraInfo
SetMenu

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 33.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

c7c40a60900333ddf55dd487e2300ddd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 66KB - Virtual size: 66KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 117KB - Virtual size: 33.3MB

.rsrc Size: 44KB - Virtual size: 43KB

.text
Size: 66KB - Virtual size: 66KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 117KB - Virtual size: 33.3MB

.rsrc
Size: 44KB - Virtual size: 43KB