d4bed9420bd66fbf3c483e1dacabb726[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

d4bed9420bd66fbf3c483e1dacabb726.bin
Size

3.8MB
MD5

3ce8d515249717723762562b525e0bc4
SHA1

9b341bc343e4760ae54e39efbdbf6b3ebef0e96c
SHA256

f91c8a1550b711d54aacaff5cc8eebde5e04c185fd43581d6d3bf53dd94b13bc
SHA512

efff213bf9f19004f8c26510f24469f05712e991b0531e4ee5622cac69f0aa3cb85504f43c4e76dc1e70990598d45c24d6c958cd2ed22b54bed4bbd23b0ffd4a
SSDEEP

98304:2/w4lQUxLDvXfQbWIZCMFkYoBOnDUqk7Z2FzOh9fX:oLOUxfPfQB7FkYvKkqfX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/deb1116c4183fb13e12441140167656729cf3a6b32b6488f2b6b72d578536e01.exe

Files

d4bed9420bd66fbf3c483e1dacabb726.bin
.zip

Password: infected
deb1116c4183fb13e12441140167656729cf3a6b32b6488f2b6b72d578536e01.exe
.exe windows:6 windows x86 arch:x86

Password: infected

73a99421c03d3f56333f368b6d96c755

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\a\b\d_00000000_\b\out\Win32\Release\starter.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
ResetEvent
DeleteCriticalSection
LocalAlloc
OpenProcess
DeleteFileW
RemoveDirectoryW
GetModuleFileNameW
GetLastError
CreateDirectoryW
CompareStringW
GetTempPathW
ExpandEnvironmentStringsW
CreateProcessW
CreateFileW
GetSystemWindowsDirectoryW
GetExitCodeProcess
GetCurrentProcessId
ReadFile
FormatMessageW
GetModuleHandleW
GetFileAttributesW
SetCurrentDirectoryW
LoadLibraryExW
GetProcAddress
FreeLibrary
LocalFree
HeapFree
GetProcessHeap
MultiByteToWideChar
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetModuleHandleA
GetCurrentProcess
GetCurrentDirectoryW
MoveFileW
HeapAlloc
GetLocalTime
Sleep
GetCurrentThreadId
SetUnhandledExceptionFilter
SetEnvironmentVariableW
GetWindowsDirectoryW
GetLongPathNameW
LoadLibraryW
SetDllDirectoryW
SetLastError
TlsSetValue
VirtualProtect
VirtualAlloc
TlsAlloc
GetSystemInfo
FlushInstructionCache
TlsGetValue
TlsFree
GetTickCount
VirtualQuery
RaiseException
LoadLibraryExA
FindResourceExW
LoadResource
LockResource
SizeofResource
WriteFile
GetModuleFileNameA
GetModuleHandleExA
SetFilePointer
FindNextFileW
FindClose
MoveFileExW
GetTempFileNameW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FormatMessageA
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
WideCharToMultiByte
GetStringTypeW
QueryPerformanceCounter
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
WriteConsoleW

Sections

.text
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

O)x8@
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

73a99421c03d3f56333f368b6d96c755

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 237KB - Virtual size: 237KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 5KB - Virtual size: 19KB

.didat Size: 512B - Virtual size: 48B

.rsrc Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 12KB - Virtual size: 11KB

O)x8@ Size: 18KB - Virtual size: 20KB

.text
Size: 237KB - Virtual size: 237KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 5KB - Virtual size: 19KB

.didat
Size: 512B - Virtual size: 48B

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 12KB - Virtual size: 11KB

O)x8@
Size: 18KB - Virtual size: 20KB