3003235244455682dd316defddb9369c[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

3003235244455682dd316defddb9369c.bin
Size

130KB
MD5

f55bf33f3a8fef706f3f8934e329a9a7
SHA1

a676d2174dc6722e9646045cf2e2cf443d53e35a
SHA256

983eb6ef570f9b40179c7845232684e59faeb261ff966c5dac708e640b356086
SHA512

42a356c081ee830d1e699c4a9bad63a7cada169a6198e9bc73f25a477d766d3ed4a6adc9f9e4cfc7b469ace0076ac6ce56e35136604baa8687d9cdfd80bbad1e
SSDEEP

3072:Mpka0TT42CZFq0mfSm7tUjXdGFpYgR0ZOs5cptvUUHUd:Kka0d5AAGgR0Zr8UUHUd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3ec76b58400fa83602d35d82f38341d921223dcdf175b98bca435a59ba340464.exe

Files

3003235244455682dd316defddb9369c.bin
.zip

Password: infected
3ec76b58400fa83602d35d82f38341d921223dcdf175b98bca435a59ba340464.exe
.exe windows:5 windows x86 arch:x86

Password: infected

ea1618932e1586c666c9f7c347c4d255

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
LocalCompact
CreateHardLinkA
GetModuleHandleW
GetTickCount
CreateNamedPipeW
GetProcessHeap
GetConsoleAliasesA
GetConsoleCP
GlobalAlloc
GetSystemDirectoryW
SetFileShortNameW
LoadLibraryW
IsProcessInJob
FatalAppExitW
AssignProcessToJobObject
IsBadCodePtr
GetModuleFileNameW
CreateJobObjectA
GetLastError
GetProcAddress
PeekConsoleInputW
WriteConsoleInputW
VerLanguageNameW
LoadLibraryA
SetConsoleCtrlHandler
AddAtomW
HeapWalk
GlobalHandle
EnumResourceTypesW
SetEnvironmentVariableA
GetOEMCP
GetModuleHandleA
EnumResourceNamesA
GetFileTime
SetProcessShutdownParameters
GetDiskFreeSpaceExW
LCMapStringW
CreateFileW
HeapSize
FlushFileBuffers
FindVolumeClose
EnumDateFormatsExA
CreateFileA
HeapReAlloc
GetStringTypeW
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapCreate
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
ReadFile
MultiByteToWideChar
ExitProcess
SetFilePointer
WriteFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
WideCharToMultiByte
GetConsoleMode
GetCPInfo
GetACP
IsValidCodePage
Sleep
RtlUnwind
SetStdHandle
IsProcessorFeaturePresent
WriteConsoleW
CloseHandle

user32

SetCaretPos
CharUpperBuffW
GetMessageExtraInfo
GetMenu
DrawStateW
GetSysColorBrush

gdi32

GetCharWidthI
GetCharABCWidthsI

winhttp

WinHttpOpen

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 32.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ea1618932e1586c666c9f7c347c4d255

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winhttp

Sections

.text Size: 117KB - Virtual size: 116KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 45KB - Virtual size: 32.1MB

.rsrc Size: 57KB - Virtual size: 56KB

.text
Size: 117KB - Virtual size: 116KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 45KB - Virtual size: 32.1MB

.rsrc
Size: 57KB - Virtual size: 56KB