478124644da5f82d2c803238a413cd96[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

478124644da5f82d2c803238a413cd96.bin
Size

1.1MB
MD5

9bc1879a230a1d6943fba0d2507f71b4
SHA1

fdefa97bb694d64f8b1265d77fb44d74fc2de949
SHA256

935980d7b2bc776729fd94a587f160dd6838d297ff83bbc8ea4a5fb43042005b
SHA512

bbe09d7ad9028d0a8dd597b7a3aef640426f1fb98fe2b01da90671be9d8425517276a83b19b31267324f96d53c94d0bc9edc70ddb8de8685a62e0865e57ec52a
SSDEEP

24576:FdvCFieOmfz+MLkOsJmpHYdkNWL3vfbDIz0dEYeVBQCgNQz35v:DU7zlAmFW6WzvDDa0dEYxC/r5v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/33083ee177bd4115c68c1ef987ab692855fbd1b621a852239a125a32a8775d1f.exe

Files

478124644da5f82d2c803238a413cd96.bin
.zip

Password: infected
33083ee177bd4115c68c1ef987ab692855fbd1b621a852239a125a32a8775d1f.exe
.exe windows:4 windows x64 arch:x64

Password: infected

45139a94dafe252fbbb16ac605dbb6f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegQueryMultipleValuesA
RegQueryMultipleValuesW
RegQueryValueA

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCommandLineA
GetLastError
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__initenv
__set_app_type
__setusermatherr
_acmdln
_commode
_fmode
_initterm
_ismbblead
_onexit
abort
calloc
free
memcpy
memset
strncmp

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 407KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

45139a94dafe252fbbb16ac605dbb6f7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.data Size: 47KB - Virtual size: 46KB

.rdata Size: 40KB - Virtual size: 39KB

.pdata Size: 24KB - Virtual size: 23KB

.xdata Size: 18KB - Virtual size: 18KB

.bss Size: - Virtual size: 407KB

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 512B - Virtual size: 312B

.reloc Size: 1024B - Virtual size: 932B

.text
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 47KB - Virtual size: 46KB

.rdata
Size: 40KB - Virtual size: 39KB

.pdata
Size: 24KB - Virtual size: 23KB

.xdata
Size: 18KB - Virtual size: 18KB

.bss
Size: - Virtual size: 407KB

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 512B - Virtual size: 312B

.reloc
Size: 1024B - Virtual size: 932B