9ccfc9b35faf4c02d6d8c4d6430f94bb[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

9ccfc9b35faf4c02d6d8c4d6430f94bb.bin
Size

185KB
MD5

64c08815dfd0b40c2ee201bf4fea1398
SHA1

e24f692093d31521bf3636e85a7616b5b546d070
SHA256

8bff160da4a076aa92a27a0da6eff5911acd3e1461f7b6cf274fb7a35c984af0
SHA512

0519f8ef7bbd0d0291dcbe483c03af5294cf119359e44f33b73a0bc4e2854006f9159f9092edba8105fab8bd794c1e81a0892395f80ba3bdd030f13eaefca7c4
SSDEEP

3072:Yo1RxC9Y276livzDK8d9uSb0in/o1qwETabM1ErekqbjB0Xz6RIlsqRDmItHpqJE:Y4xialivzJ9JQ1qzTeRqbGzeIG0pqSSI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/17755d80106436dddce6838115080879d71e018056ed2f72470ff8ddb7a48739.exe

Files

9ccfc9b35faf4c02d6d8c4d6430f94bb.bin
.zip

Password: infected
17755d80106436dddce6838115080879d71e018056ed2f72470ff8ddb7a48739.exe
.exe windows:5 windows x86 arch:x86

Password: infected

371f652fdd8e6836c241a37f6252659c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
GetNumaNodeProcessorMask
SearchPathW
DebugActiveProcessStop
GetDefaultCommConfigW
CallNamedPipeA
WriteConsoleOutputW
HeapAlloc
InterlockedDecrement
GlobalSize
GetEnvironmentStringsW
CreateDirectoryW
GetComputerNameW
GetModuleHandleW
GetConsoleAliasesLengthA
GetUserDefaultLangID
GetCommandLineA
GetSystemTimes
GlobalAlloc
LoadLibraryW
GetConsoleAliasExesLengthW
LeaveCriticalSection
SetConsoleMode
SetConsoleTitleA
InterlockedExchange
GetStartupInfoA
GetLastError
GetProcAddress
SetStdHandle
GetNumaHighestNodeNumber
LoadLibraryA
UnhandledExceptionFilter
WritePrivateProfileStringA
QueryDosDeviceW
FindNextChangeNotification
FoldStringW
GetModuleFileNameA
FreeEnvironmentStringsW
VirtualProtect
FindAtomW
CopyFileExA
MultiByteToWideChar
EncodePointer
DecodePointer
ExitProcess
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
EnterCriticalSection
Sleep
HeapSize
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WideCharToMultiByte
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeW
HeapFree
RtlUnwind
HeapReAlloc
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
CloseHandle
WriteConsoleW
SetFilePointer
CreateFileW

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

371f652fdd8e6836c241a37f6252659c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 158KB - Virtual size: 157KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 6KB - Virtual size: 20KB

.tls Size: 1KB - Virtual size: 1KB

.rsrc Size: 94KB - Virtual size: 94KB

.text
Size: 158KB - Virtual size: 157KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 6KB - Virtual size: 20KB

.tls
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 94KB - Virtual size: 94KB