402069dfe1e61affd7e9aad305407309[.]bin | Triage

Sharing

General

Target

402069dfe1e61affd7e9aad305407309.bin
Size

748KB
MD5

3e70a103eb0ec43a25d57232c690d54e
SHA1

dac288b3c1402b0752eb6e50fd8a3ef008dcd098
SHA256

7da604f7683281120af4faa7cf13ff22f7e5b431f1ecdff61b5074a76d14047c
SHA512

9783aade3507ed0aaddee6d99411aebe0f0246523365386f43dc95814adf8fa4a6edd7feb6e067672af40de1b1068e175acd70c2570d772fab1cb2b5e4a730c8
SSDEEP

12288:XYmAwJWRR1n+3/Itup81QHaMqEIwF8B2/nLFnq4ZtmvHE6ZwiHIS0DKpX/96kCSj:XYmtJkD+vItupUQ6lEIwF02/nLlq4nNe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/13b46cda71390333bd4541aad86da1c8e8917553e5a28344eb9c462dbd4ba779.exe

Files

402069dfe1e61affd7e9aad305407309.bin
.zip

Password: infected
13b46cda71390333bd4541aad86da1c8e8917553e5a28344eb9c462dbd4ba779.exe
.exe windows:5 windows x86 arch:x86

Password: infected

1343ca50d234527bf272645d6db0664b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

WSACleanup

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

wininet

InternetOpenW

user32

GetDC

gdi32

BitBlt

comdlg32

GetOpenFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

OleLoadPicture

Sections

.MPRESS1
Size: 702KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE