3c42b19bd9fba40e78c1247549f50cb8[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

3c42b19bd9fba40e78c1247549f50cb8.bin
Size

65KB
MD5

1a1e2305ab112f1e90573a282e975e88
SHA1

2e740aa7938bdcf6ce9350a534bf15b76ce84734
SHA256

95bb7b9cc95af5c03d588c47cafab265f1e71a5d77bd9e5a687e97538ea3f48b
SHA512

a2e8640915f9554f3d9deb7ad8827240a332e42a4ea051bf0e00c25f65cc4b36cf8207ad12af436bd1dca3843b4f6c6e17b7fc6be3d2fd51b52fd410490f32e7
SSDEEP

768:8V9MOGdVUrLCYRUNmzXlKzjA8snmPLAvOB2r1Y/2xXAeoCEd8k1QU2iMQgYTKrXy:8V9J9zVy8aM1H+CEak152iMQgYmPmpe6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/12e46e6e8e19a7950a8d368f96e433446bd33f65d24bdba1f2dd211dd2ec814f.exe

Files

3c42b19bd9fba40e78c1247549f50cb8.bin
.zip

Password: infected
12e46e6e8e19a7950a8d368f96e433446bd33f65d24bdba1f2dd211dd2ec814f.exe
.exe windows:6 windows x64 arch:x64

Password: infected

028fc18b273a725ba3c6929df9f4cda1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
GetProcessHeap
HeapWalk
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
VirtualProtect
GetProcAddress
LoadLibraryA
GetProcessAffinityMask
SwitchToFiber
DeleteFiber
CreateFiber
ConvertThreadToFiber
lstrcmpiA
CreateToolhelp32Snapshot
Process32First
Process32Next
Thread32First
Thread32Next
GetVersionExA
VirtualQuery
IsBadReadPtr
Module32First
Module32Next
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CompareStringW
LCMapStringW
GetFileType
SetStdHandle
GetStringTypeW

user32

MessageBoxA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

028fc18b273a725ba3c6929df9f4cda1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

setupapi

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 6KB - Virtual size: 10KB

.pdata Size: 5KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 6KB - Virtual size: 10KB

.pdata
Size: 5KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB