1[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1.bin
Size

4.5MB
MD5

2523f87fac2cc78509afd53ac997230b
SHA1

e70cf4929e5511cc0ac68a3bd187159581ddf180
SHA256

795be67775737d188b50344df242c8c27244380372f0397c0458db92322d58a3
SHA512

5aa0cf9b3b0c730f22ce312a170b15674006c7b4937753c281f36afd448ba0db005197a6842489fc7de77027cf170e4e55da0863a59e43166898118df57e7662
SSDEEP

98304:FBrfwMe3Rw8+/gH9eagUH2+S2S6nDyxHPy/DHZ2Ot4izWm1:FpwMe3Rw8+u4aV5DyxHKHJZ1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1.bin

Files

1.bin
.exe windows:6 windows x64 arch:x64

28d279121c495346d0794e63be1c7ed7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA

user32

OffsetRect

gdi32

SetPixelFormat

advapi32

GetTokenInformation

shell32

DragQueryFileW

ole32

CreateStreamOnHGlobal

ws2_32

socket

opengl32

glGetIntegerv

imm32

ImmSetCandidateWindow

wtsapi32

WTSFreeMemory

shlwapi

PathStripPathA

ntdll

RtlLookupFunctionEntry

wininet

InternetSetOptionA

urlmon

URLDownloadToFileW

gdiplus

GdiplusShutdown

Sections

.text
Size: - Virtual size: 859KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.s}T
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.5xc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.D}A
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28d279121c495346d0794e63be1c7ed7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

opengl32

imm32

wtsapi32

shlwapi

ntdll

wininet

urlmon

gdiplus

Sections

.text Size: - Virtual size: 859KB

.rdata Size: - Virtual size: 269KB

.data Size: - Virtual size: 291KB

.pdata Size: - Virtual size: 31KB

_RDATA Size: - Virtual size: 500B

.s}T Size: - Virtual size: 3.3MB

.5xc Size: 512B - Virtual size: 336B

.D}A Size: 4.5MB - Virtual size: 4.5MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 859KB

.rdata
Size: - Virtual size: 269KB

.data
Size: - Virtual size: 291KB

.pdata
Size: - Virtual size: 31KB

_RDATA
Size: - Virtual size: 500B

.s}T
Size: - Virtual size: 3.3MB

.5xc
Size: 512B - Virtual size: 336B

.D}A
Size: 4.5MB - Virtual size: 4.5MB

.rsrc
Size: 512B - Virtual size: 480B