fa287ca8c14e1d5e0f042c2d31d9d952[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa287ca8c14e1d5e0f042c2d31d9d952.bin
Size

20.2MB
MD5

9e082139b3ed86500f542f638d71c6d2
SHA1

1f29874a87b4c5469379412f3b0adad7966b791e
SHA256

7289725721db6dbe7ce4d34dc73efe22550cdd5d924d6506b81cd1fc450d591f
SHA512

f957e1a2a75873b551eb910fbe8f284692285c7d9ca08852880a8af3495f73db0e4280592758decce44c5d824569516237ccb74165e24dbe17d3ac821c89ab4f
SSDEEP

393216:Ov+xQILutEQrMZ3SItj8vCx8EK+V3Rz7ryiu4xnz1XSmDo:kabLutJMZ3n2g8q5RHryanZigo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/645a714872b923a65a7969616c8dd2c4ad2b330611e18a25613f6531557747c0.exe

Files

fa287ca8c14e1d5e0f042c2d31d9d952.bin
.zip

Password: infected
645a714872b923a65a7969616c8dd2c4ad2b330611e18a25613f6531557747c0.exe
.exe windows:4 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\fvsbc\Desktop\WuWa RU\WuWaRu\WuWaRu\obj\Debug\WuWaRu.pdb

Sections

.text
Size: 21.7MB - Virtual size: 21.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ