fa7383138b89d723bf99d6b40e9758ae[.]bin

General

Target

fa7383138b89d723bf99d6b40e9758ae.bin
Size

230KB
MD5

1e64c7b82541cffdf3c07e2c31f7cda0
SHA1

110d75ed58d9dec190a052c727d857931c062bbe
SHA256

30f369545192f89f2be9e17a9c9335e6d9725104253a8f2e5dbe2a00c36ab589
SHA512

282da4e10053f9aea93ccd71f6e774173aa9d258fdd1cb6e7725bb56ddac005ef1cd320e3bbe49ccbb5eebde67384c1169ff2ea5f0a4464a907ddb619cc82ef2
SSDEEP

6144:7dc+KMFFNL3o6lB2anQDeRwqT+nU/fZh5Ogzlh9EzyoYW:7d4MFvLL2dDeR0GZhlREQW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/0d4afd2cfed2d28a10ab663aa0c51f4b60d587b49020893490c5db7cbc9d0a4d.exe

Files

fa7383138b89d723bf99d6b40e9758ae.bin
.zip

Password: infected
0d4afd2cfed2d28a10ab663aa0c51f4b60d587b49020893490c5db7cbc9d0a4d.exe
.exe windows:5 windows x86 arch:x86

Password: infected

e2211dd993c9459fb7efc8776b8ed688

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetComputerNameW
GetTickCount
GetWindowsDirectoryA
GetUserDefaultLangID
TlsSetValue
GlobalAlloc
LoadLibraryW
AssignProcessToJobObject
lstrcatA
GetACP
IsBadStringPtrA
GetLastError
SetLastError
GetProcAddress
SetComputerNameA
BuildCommDCBW
GetDiskFreeSpaceW
LoadLibraryA
InterlockedExchangeAdd
FoldStringW
FoldStringA
GetModuleFileNameA
FindFirstVolumeMountPointA
LoadLibraryExA
OutputDebugStringA
WriteProcessMemory
HeapFree
EncodePointer
DecodePointer
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapCreate
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
Sleep
HeapSize
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleW
MultiByteToWideChar
SetFilePointer
SetStdHandle
RtlUnwind
GetCPInfo
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
CreateFileW
CloseHandle
GetStringTypeW
LCMapStringW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 150KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e2211dd993c9459fb7efc8776b8ed688

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 150KB - Virtual size: 207KB

.rsrc Size: 178KB - Virtual size: 177KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 150KB - Virtual size: 207KB

.rsrc
Size: 178KB - Virtual size: 177KB