9fb8cc095e016caf986f28f61a4334ca[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

9fb8cc095e016caf986f28f61a4334ca.bin
Size

4.0MB
MD5

1b3217c1f6edad15a4a710b250491e1a
SHA1

4a4e2a9ec8e00f8fbb6a770c28520c76c228535f
SHA256

e646654354077dea1088d07b784d4eb4c147817bfe2563d20cd804f3891efcca
SHA512

40e2e864379e0034b554488a1ed51219ddbfd6c214b7bf35ee7dc33a1418414d1a98f39ad06d77c4ee4dea141d92db7b6f23d2f8fd33b8cf42b6b8935f05395b
SSDEEP

98304:NBRj8WXrCnXDkskqLXpp6LIy9huC+gvLmkaXNGF:plXiXRvtYEWhXvloNGF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/369a92d10be574e4e96680100bba4bb8f1b94f23a129d04ce0cef93dbb4d92a1.exe

Files

9fb8cc095e016caf986f28f61a4334ca.bin
.zip

Password: infected
369a92d10be574e4e96680100bba4bb8f1b94f23a129d04ce0cef93dbb4d92a1.exe
.exe windows:5 windows x86 arch:x86

Password: infected

13222c684d764439230ed7e1d3748c9a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CopyFileA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery

msvcrt

_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
calloc
free
fwrite
malloc
mbstowcs
memcpy
realloc
rename
setlocale
signal
sprintf
strcoll
strlen
tolower
vfprintf
wcstombs

shell32

ShellExecuteA

user32

CloseClipboard
EmptyClipboard
GetClipboardData
OpenClipboard
SetClipboardData

Sections

.text
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 112B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp웃�
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp웃�
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp웃�
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 189KB - Virtual size: 663KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

13222c684d764439230ed7e1d3748c9a

Headers

File Characteristics

Imports

kernel32

msvcrt

shell32

user32

Sections

.text Size: - Virtual size: 17KB

.data Size: - Virtual size: 40B

.rdata Size: - Virtual size: 1KB

.eh_fram Size: - Virtual size: 4KB

.bss Size: - Virtual size: 112B

.idata Size: - Virtual size: 1KB

.CRT Size: - Virtual size: 24B

.tls Size: - Virtual size: 32B

.vmp웃� Size: - Virtual size: 2.1MB

.vmp웃� Size: 1KB - Virtual size: 1KB

.vmp웃� Size: 4.0MB - Virtual size: 4.0MB

.rsrc Size: 189KB - Virtual size: 663KB

.text
Size: - Virtual size: 17KB

.data
Size: - Virtual size: 40B

.rdata
Size: - Virtual size: 1KB

.eh_fram
Size: - Virtual size: 4KB

.bss
Size: - Virtual size: 112B

.idata
Size: - Virtual size: 1KB

.CRT
Size: - Virtual size: 24B

.tls
Size: - Virtual size: 32B

.vmp웃�
Size: - Virtual size: 2.1MB

.vmp웃�
Size: 1KB - Virtual size: 1KB

.vmp웃�
Size: 4.0MB - Virtual size: 4.0MB

.rsrc
Size: 189KB - Virtual size: 663KB