b56d6ab051f14d159e44ec2b114a7880[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

b56d6ab051f14d159e44ec2b114a7880.bin
Size

411KB
MD5

75ebdd939c0eb7c77e69b67645e92937
SHA1

c5d895c1611b4b49ee59de72a635e8060d6acb0c
SHA256

0139635a60c845b4a702520294fd008c61e406d9cc2d1ff93d0c08702013ff26
SHA512

97ea17ee8d16f90f3cc6afad7dd38957b9c1fa8fa2baf2862cecf346b878940bee6178ae05a168afa38c5f08cb08ea04aee4c59fe9aa8fe2029a0cbb75632bc4
SSDEEP

12288:evOL9RptewfmYp5S7NricKexLTZwp/S4l:evOL9Xtteu5W+L1RSg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fbd81946e630cebcbab32fba27293c750e2acf676b6815180f8ffe0b202e52c4.exe

Files

b56d6ab051f14d159e44ec2b114a7880.bin
.zip

Password: infected
fbd81946e630cebcbab32fba27293c750e2acf676b6815180f8ffe0b202e52c4.exe
.exe windows:6 windows x64 arch:x64

Password: infected

bf90cd7a09ec12511a73e142ffebeaac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineW
SetLastError
GetModuleFileNameW
GetLastError
CreateFileMappingW
MapViewOfFile
CloseHandle
VirtualProtect
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
HeapFree
HeapReAlloc
UnmapViewOfFile
GetSystemInfo
GetModuleHandleA
GetProcAddress
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
GetModuleHandleW
FormatMessageW
GetCurrentProcess
AcquireSRWLockExclusive
GetProcessHeap
HeapAlloc
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcessId
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
RtlVirtualUnwind
AcquireSRWLockShared
ReleaseSRWLockShared
GetEnvironmentVariableW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
GetCurrentThreadId
QueryPerformanceCounter

ntdll

NtWriteFile
RtlNtStatusToDosError

vcruntime140

__current_exception
__current_exception_context
__C_specific_handler
memset
memcpy
memcmp
memmove
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_cexit
_c_exit
_register_thread_local_exe_atexit_callback
__p___argc
_exit
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_initterm_e
_seh_filter_exe
__p___argv
_set_app_type
_initterm
_initialize_narrow_environment
_configure_narrow_argv
_get_initial_narrow_environment

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

bf90cd7a09ec12511a73e142ffebeaac

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 106KB - Virtual size: 105KB

.rdata Size: 391KB - Virtual size: 391KB

.data Size: 512B - Virtual size: 680B

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 94KB - Virtual size: 94KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 106KB - Virtual size: 105KB

.rdata
Size: 391KB - Virtual size: 391KB

.data
Size: 512B - Virtual size: 680B

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 94KB - Virtual size: 94KB

.reloc
Size: 1KB - Virtual size: 1KB