Static task
static1
Behavioral task
behavioral1
Sample
40aa2676de6cebb26d5017177c1cd8dcc0e533ad7d0335ca028448eabb1c0261.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
40aa2676de6cebb26d5017177c1cd8dcc0e533ad7d0335ca028448eabb1c0261.exe
Resource
win10v2004-20240611-en
General
Target
cdd9582f195a7d3966a024b939345056.bin
Size
43KB
MD5
f92386253c6e2f74993796e160efeb31
SHA1
b974077f98ac2728156ace8c6ee5e3772f809e61
SHA256
fa88e2f46bee2b8c431af6f58782e7451831299bdfbdf3643cc332a51d18c688
SHA512
693adb44f0c74512a580b77ea1b3a0cfdbbb03c9b1309926cef00e6734a4455cef20d86a856b4d45d7a512b9f1a1b540ae0f40fc3bc802bd5056482e299b2042
SSDEEP
768:X1dnNOzVFVMQUB2LLl9KTmESUnGISjEee4SN21WMQS1J:XpOVMQ1F94cmGnjEee4SN2Xn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/40aa2676de6cebb26d5017177c1cd8dcc0e533ad7d0335ca028448eabb1c0261.exe
Files
cdd9582f195a7d3966a024b939345056.bin.zip
Password: infected
40aa2676de6cebb26d5017177c1cd8dcc0e533ad7d0335ca028448eabb1c0261.exe.exe windows:4 windows x86 arch:x86
Password: infected
8f3de60419ada42a70576299ba3fe98e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winhttp
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpSetOption
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpCheckPlatform
ole32
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoInitialize
kernel32
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
SetFilePointer
GetOEMCP
GetACP
GetCPInfo
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
CloseHandle
WriteFile
CreateFileA
GetUserDefaultLCID
FreeLibrary
GetProcAddress
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualAlloc
RtlUnwind
VirtualFree
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetVersion
GetCommandLineA
HeapCreate
user32
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
oleaut32
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime
Sections
.text Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE