Static task: static1
Behavioral task: behavioral1
Sample: f618e9fa05c392501fb76415d64007225fe20baddc9f1a2dcc9ff3599473a8eb.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: f618e9fa05c392501fb76415d64007225fe20baddc9f1a2dcc9ff3599473a8eb.exe
Resource: win10v2004-20240802-en
General
Target: e468cade55308ee32359e2d1a88506ef.bin
Size: 368KB
MD5: 6152a056260eb445c3c7fd561655cf0d
SHA1: 3cb66348d55516c4a13bfb0f35ffb78924010033
SHA256: 849397255675a42a46658f63cd17974c886eed3aed1cdcfd0cb6d4d8d893dea7
SHA512: 928065b02ad2b21108fe58b28d8189cb3c4ecf1395de6057243e045dec899994d53da56f92d76b087c851502413ee52dd1b5e3e0e4ba16f24b738d839247c9fe
SSDEEP: 6144:IG5Wrmsv0p84MjJHYXyexk7mzg3evTG8QVGbMcqKpStxpB5LW/nnJ9RFLVQaQ7hx:0rmsv0PU6XyKkUguvTGvSbHpStUnnJLC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/f618e9fa05c392501fb76415d64007225fe20baddc9f1a2dcc9ff3599473a8eb.exe
Files
e468cade55308ee32359e2d1a88506ef.bin.zip
Password: infected
f618e9fa05c392501fb76415d64007225fe20baddc9f1a2dcc9ff3599473a8eb.exe.exe windows:6 windows x86 arch:x86
Password: infected
23166a43462b7b4cedcdb2671cf7e0b6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
UnmapViewOfFile
CreateFileA
LoadLibraryA
CloseHandle
GetProcAddress
GetFileSize
FreeLibrary
MapViewOfFile
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
HeapValidate
HeapSize
MultiByteToWideChar
LocalFree
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
DecodePointer
DeleteFileA
CopyFileA
SetCurrentDirectoryA
WriteConsoleW
GetConsoleCP
GetStringTypeW
SetStdHandle
Sleep
GetShortPathNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
GetFileType
SetEnvironmentVariableW
SetFilePointerEx
GetConsoleMode
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
advapi32
ImpersonateLoggedOnUser
LogonUserA
shell32
SHGetSpecialFolderPathA
shlwapi
PathFileExistsA
crypt32
CryptUnprotectData
Sections
.text Size: 574KB - Virtual size: 573KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ