2079e366f7fd2d784fbe050ed1a463ec[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2079e366f7fd2d784fbe050ed1a463ec.bin
Size

2.0MB
MD5

d0356c53e21d7414381be4a0382bbd64
SHA1

8eb48e22dc0a83526a35dd8c30063e82445cb301
SHA256

a20fa34ec69e492cc0cd28479c846347d887960284b9d7ba88ce26436720e79f
SHA512

d2eb6d05891635cee395940c89a1cbb99983e017c39f934821ea193fbe296e54942ca55e4e0f1e48eaf6e231b0db41f2c31017ce927d7e92f720cf6e92b318dc
SSDEEP

49152:QOCnLzTi0G7/YX8+njEboZgUni1ir6/dIXbFUjwV:QlXTi0iAFjGcH95UjwV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e6107f8ab9838453aa1729a1c6946932a9f5864a4a6770019daa7dad9c033b31.exe

Files

2079e366f7fd2d784fbe050ed1a463ec.bin
.zip

Password: infected
e6107f8ab9838453aa1729a1c6946932a9f5864a4a6770019daa7dad9c033b31.exe
.exe windows:5 windows x64 arch:x64

Password: infected

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xlfnnrwe
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iucouyat
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ