bf808afcc221165140ff57a5e31bdef2[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

bf808afcc221165140ff57a5e31bdef2.bin
Size

203KB
MD5

4684e83d2fa7018641badd8e3849bf25
SHA1

cb19654d432b79b3cf46000ec0b3025281e8f1dc
SHA256

5badf3415fece2cb84e3d1593877f45e930069650cce31d69b00177c7f8cf77f
SHA512

7041b36599290878b8b7b07fd1a4345ce667d5093abb7a3b2814c5015c052eaa78e5bc7566cdf4bb35c2226ca11211be8a759ba473372b94064c1736290caae1
SSDEEP

3072:Rlw8aFtgyKR4SpJVjspa319WJ719ruZHz4yBOxnZnBPLJAhyXm1En8gXciAB5r:RX+uyDWyarmh2zRAVLJAhom0dMRb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/9fd04eb7256cd879dc38ea0765ffc538b89e708ba30250f23d947c3713f97885.exe

Files

bf808afcc221165140ff57a5e31bdef2.bin
.zip

Password: infected
9fd04eb7256cd879dc38ea0765ffc538b89e708ba30250f23d947c3713f97885.exe
.exe windows:5 windows x86 arch:x86

Password: infected

d9461cba2555202112b06a068732496e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetVolumeLabelA
SetDefaultCommConfigA
GetConsoleAliasesLengthW
GetLocaleInfoA
GetStringTypeA
InterlockedDecrement
CreateJobObjectW
SetVolumeMountPointW
SetCommBreak
GetModuleHandleW
GetTickCount
EnumCalendarInfoExW
GetConsoleAliasesA
ReadConsoleOutputA
GlobalAlloc
LoadLibraryW
FormatMessageW
GetStringTypeExW
lstrcpynW
GetTimeFormatW
SetConsoleTitleA
CreateJobObjectA
GetNamedPipeHandleStateW
SetLastError
GetThreadLocale
GetProcAddress
BuildCommDCBW
LoadLibraryA
WriteConsoleA
UnhandledExceptionFilter
RegisterWaitForSingleObject
SetFileApisToANSI
OpenJobObjectW
FindAtomA
GetModuleFileNameA
lstrcatW
OpenFileMappingW
SetCalendarInfoA
GlobalAddAtomW
FindNextVolumeA
LocalFileTimeToFileTime
MultiByteToWideChar
HeapAlloc
GetLastError
HeapReAlloc
GetStartupInfoW
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapCreate
Sleep
ExitProcess
WriteFile
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeW
InitializeCriticalSectionAndSpinCount
ReadFile
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetStdHandle
CloseHandle
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetModuleHandleA

user32

LoadIconW

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 31.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

d9461cba2555202112b06a068732496e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 172KB - Virtual size: 171KB

.data Size: 23KB - Virtual size: 31.1MB

.rsrc Size: 98KB - Virtual size: 97KB

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 23KB - Virtual size: 31.1MB

.rsrc
Size: 98KB - Virtual size: 97KB