93d9031291d074ad45ea3dd132410144[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

93d9031291d074ad45ea3dd132410144.bin
Size

58KB
MD5

93d9031291d074ad45ea3dd132410144
SHA1

4c769ac30fb72aa162366be574d043cf328daf75
SHA256

1ca6fe4c75c16fed18e49e8e26dc8ef9aaa83ff9ad50e3a9ed335d10a18245a5
SHA512

aa44002a0f37ff977457164655d8ebd95e662fdb934d686ee9ce2df29eb51da9c5f43c6d939446cf24aa63b3f5394dcc3541a7a50ec9ad464f96f8dbc29a87dd
SSDEEP

1536:EW5cXaKewBJB7Y5qnGMU0inxaaWa6NUo1vMmbU0OwhL/DZxVh:1CBew976qnGMU0ixaaLOUg+0xx3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Win32.Sofacy.A

Files

93d9031291d074ad45ea3dd132410144.bin
.zip

Password: infected
Win32.Sofacy.A
.exe windows:5 windows x86 arch:x86

Password: infected

660deeb4dc96d5b4b03eea7148bb7b56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteW

kernel32

LocalAlloc
VirtualAlloc
GetEnvironmentVariableW
GetModuleHandleW
CloseHandle
WriteFile
CreateFileW
LocalFree
SizeofResource
LockResource
LoadResource
FindResourceW
ExitProcess
VirtualFree

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ