2a9bf696f1af170e0e1b5ede752a1578[.]bin | Triage

Sharing

General

Target

2a9bf696f1af170e0e1b5ede752a1578.bin
Size

4.0MB
MD5

79d5845cc0ea5ae27873d91f226e7aed
SHA1

fd7d062283f5f1624319055d4b10b279093ed3ed
SHA256

65351e13cea23ec8e910fe0f7a10c286033e330eeec1c09c77242f3f4e1518d0
SHA512

b6e5343bd98b2abd64bbbe3b869fb5c6cd61ac4f3218aca205eed2effaf69b339f5e52950e5003456a7553d015a41fb067480d61266841907335a6c504fcb654
SSDEEP

98304:S6eooZdi1WwSVcTNK0+46ElgJ9jLIwuJO5gfW7pr:STZdi1WwSVdjJtLIwaO5gfWh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/d8f0a37788e14306d6f5a6b15417aec0c76d08fd9c788871ad50a9ac7cd6c73f.exe

Files

2a9bf696f1af170e0e1b5ede752a1578.bin
.zip

Password: infected
d8f0a37788e14306d6f5a6b15417aec0c76d08fd9c788871ad50a9ac7cd6c73f.exe
.exe windows:4 windows x64 arch:x64

Password: infected

e4a8172b80d7ea86eeba3123e2be5bfe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
FreeLibrary
GetLastError
CreateMutexA
LoadLibraryA

user32

MessageBoxA
wsprintfA

Sections

.data
Size: - Virtual size: 12.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ