df738d4bbe1bc7cd8b4bc8b1b136aade[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

df738d4bbe1bc7cd8b4bc8b1b136aade.bin
Size

240KB
MD5

7d98500382984fcef8f1f3358de078d0
SHA1

c744e069bc44e991fed4e9b2f7eb77b8dcedf886
SHA256

42371dff4ddd36084a436fce5b73dd937e3ae1ce317a874fdc73f6e26de2da9a
SHA512

8f3bff6e365599d4b84b31efab9d45a49cbdbd6fc481bc4e9b04e6b1d62b0c7b976cdc5c959f7a314643782dc4a7b5d8b2f4c41072dd8e2fa87b29d14e7193e5
SSDEEP

6144:D9wKvu5Pf4usgfLK8QtDRJQXkrBm6zp4fZIX3Bze:hxG5xtfLKDtDYEtOZ89e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/62469fe28764545471f447f88db812a162e9fe0af09f93b343c192a306600743.exe

Files

df738d4bbe1bc7cd8b4bc8b1b136aade.bin
.zip

Password: infected
62469fe28764545471f447f88db812a162e9fe0af09f93b343c192a306600743.exe
.exe windows:5 windows x86 arch:x86

Password: infected

db696a3c536981336db0f941d037325e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
GetCurrentProcess
SetEnvironmentVariableW
SetComputerNameW
GetComputerNameW
GetTimeFormatA
CreateNamedPipeW
GetCurrencyFormatA
GetConsoleAliasExesW
EnumTimeFormatsW
TlsSetValue
GetEnvironmentStrings
GlobalAlloc
SetFileShortNameW
GetLocaleInfoW
ReadConsoleInputA
GetCalendarInfoW
SetVolumeMountPointA
GetFileAttributesA
CreateSemaphoreA
GetModuleFileNameW
CreateActCtxA
GetShortPathNameA
CreateJobObjectA
VerifyVersionInfoW
ClearCommError
GetLogicalDriveStringsA
GetLastError
GetCurrentDirectoryW
SetLastError
GetProcAddress
DefineDosDeviceW
EnumSystemCodePagesW
FindClose
LoadLibraryA
InterlockedExchangeAdd
CreateHardLinkW
GetNumberFormatW
GetCommMask
FoldStringA
EnumDateFormatsA
GlobalUnWire
OpenEventW
GetShortPathNameW
GetDiskFreeSpaceExA
GetVersionExA
ReadConsoleInputW
GetTempPathA
LocalFree
SetFileAttributesW
LCMapStringW
CreateProcessW
CommConfigDialogA
InterlockedExchange
GlobalCompact
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
GetStartupInfoW
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
TlsGetValue
TlsAlloc
TlsFree
InterlockedIncrement
GetCurrentThreadId
HeapSize
TerminateProcess
IsDebuggerPresent
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ReadFile
GetModuleHandleA
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoA
RaiseException
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle
CreateFileA

gdi32

CreateDCA
GetCharWidth32A
GetCharWidthI

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.niho
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xamad
Size: 512B - Virtual size: 214B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

db696a3c536981336db0f941d037325e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

Sections

.text Size: 294KB - Virtual size: 293KB

.data Size: 24KB - Virtual size: 70KB

.niho Size: 1024B - Virtual size: 1024B

.xamad Size: 512B - Virtual size: 214B

.rsrc Size: 47KB - Virtual size: 47KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 294KB - Virtual size: 293KB

.data
Size: 24KB - Virtual size: 70KB

.niho
Size: 1024B - Virtual size: 1024B

.xamad
Size: 512B - Virtual size: 214B

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 5KB - Virtual size: 5KB