bd3250e50ebcd0a8a3cb4170581851c9[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

bd3250e50ebcd0a8a3cb4170581851c9.bin
Size

106KB
MD5

2a6a04c621f89eefa0730696fb7dc7d0
SHA1

9d2724140d081a67049eb4878c8e8f3c961215fb
SHA256

29b5d5bdea716d6ed3e685ea82cfdc8f563b711896fa09106e36fa92c30ca4ee
SHA512

8c45d3aa55138294437394dd32f35514fcc3489427bd9b7b886035b8bc5a465113eff4d58e14242905d582af796f4eb2028e74481a4ec4a6aff46e22ed564389
SSDEEP

3072:+iiDKXO0FScVNUzg2H2iGsRJ7iWJjbJadU6qGX:pieXOS2H6AmQ8db7X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d7db753381fdd9779be8db851e3f7a015a6f584ae4a15b546f6bac80ccfe01d7.exe

Files

bd3250e50ebcd0a8a3cb4170581851c9.bin
.zip

Password: infected
d7db753381fdd9779be8db851e3f7a015a6f584ae4a15b546f6bac80ccfe01d7.exe
.exe windows:5 windows x86 arch:x86

Password: infected

efbbe08ac446a6cba9cf4fbfa616f432

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameW
GlobalDeleteAtom
OpenJobObjectA
GetLogicalDriveStringsW
GetSystemWindowsDirectoryW
GetCommProperties
GetModuleHandleW
GetTickCount
GetCommandLineA
GetSystemTimes
GlobalAlloc
Sleep
FormatMessageW
DeleteVolumeMountPointW
HeapCreate
WriteConsoleW
VirtualUnlock
FlushInstructionCache
GetShortPathNameA
InterlockedExchange
GetProcAddress
SearchPathA
GetNumaHighestNodeNumber
OpenWaitableTimerA
GetAtomNameA
LoadLibraryA
SetCalendarInfoW
HeapLock
GetCurrentConsoleFont
SetCommMask
FoldStringW
GetDefaultCommConfigA
lstrcatW
FreeEnvironmentStringsW
EnumDateFormatsW
SetFileShortNameA
DebugBreak
GetLastError
HeapFree
HeapAlloc
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
ReadFile
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleFileNameW
GetEnvironmentStringsW
GetCommandLineW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
MultiByteToWideChar
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
FlushFileBuffers
CreateFileA
CloseHandle
GetModuleHandleA

user32

GetActiveWindow
IntersectRect

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

efbbe08ac446a6cba9cf4fbfa616f432

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 153KB - Virtual size: 152KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 73KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 153KB - Virtual size: 152KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 73KB

.rsrc
Size: 40KB - Virtual size: 40KB