65ac9c8f4e8d8895ee255887aab73d98[.]bin

General

Target

65ac9c8f4e8d8895ee255887aab73d98.bin
Size

168KB
MD5

1f2a77fdfb4d98a1fca8971375c959c1
SHA1

692e9c076e05339e170ba62550492f1560de1e6e
SHA256

799133cbd04b61f49352c6fd97d2c123f7a702deb9e9ab6a82b2923c09316def
SHA512

72c9cb2bad01a23e5ff483a71e3b291fac597e4556cd26d60cc57187623f75a5cc01701d4d13e7765e3d985ff0acde7f771531f2fd9635c267864641aacb4e40
SSDEEP

3072:Xns2JnXExJqvWHbC3KJr2WyQ7UZ0VxI5e2i9/tW+1kiKQFpUum+1eGHIL9B4KkV+:FXKHbCaJdjUZixI5e2oi87HoHA+eO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8c3f7ddf6729e7feafeabd533848f3d7ffd50c38e77fdc09cb0905f790a997e1.exe

Files

65ac9c8f4e8d8895ee255887aab73d98.bin
.zip

Password: infected
8c3f7ddf6729e7feafeabd533848f3d7ffd50c38e77fdc09cb0905f790a997e1.exe
.exe .js windows:5 windows x86 arch:x86 polyglot

Password: infected

821c455b475c3595aa1e4e6ad93e77fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
TerminateProcess
GetCommandLineA
GetProcessWorkingSetSize
SetProcessWorkingSetSize
OpenProcess
CloseHandle
VirtualAlloc
VirtualFree
GetLastError

msvcrt

strncpy
strrchr
toupper
strstr
_strdup
strncat
printf
strchr
isspace
isdigit
_strupr
malloc
_exit
_XcptFilter
_cexit
exit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp
__set_app_type
_except_handler3
_c_exit
__p__fmode

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

user32

EnumDesktopsA
EnumWindows
GetWindowThreadProcessId
GetWindow
GetWindowLongA
GetWindowTextA
FindWindowExA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
CloseDesktop
CloseWindowStation
EnumWindowStationsA

ntdll

NtSetSystemInformation
RtlUnicodeStringToAnsiString
NtQuerySystemInformation

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

821c455b475c3595aa1e4e6ad93e77fd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

user32

ntdll

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 2.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 2.8MB

.rsrc
Size: 1KB - Virtual size: 1KB