fcefe50ed02c8d315272a94f860451bfd3d86fa6ffac215e69dfa26a7a5deced[.]bin[.]sample[.]exe[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

fcefe50ed02c8d315272a94f860451bfd3d86fa6ffac215e69dfa26a7a5deced.bin.sample.exe.zip
Size

77KB
MD5

3dc6ee5172da5104ae7f4fde1d423ae0
SHA1

f32eecc95cff715556ef88a7408cf226098e5760
SHA256

5079098ff83dc3ecd4e990de8bf8c741bcd47ed2c84a32f61633cc35cf42f0ba
SHA512

3c3159717604e5af77eb58d246fd8397d4f425870a988e3d7badfd8fc0dc1a24068abec6f2a15492a7525ac5f781c9f1a6508020ce577ce57d2492903d7a0123
SSDEEP

1536:kwyegpO9YwMeUpZB+M/6ZGseum/tulB0/7JBDXnVqRvoZ8uK6KHtkh:yPpiZMy3XqMlG/7DrcRvoDKrt6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fcefe50ed02c8d315272a94f860451bfd3d86fa6ffac215e69dfa26a7a5deced.bin.sample.exe.bin

Files

fcefe50ed02c8d315272a94f860451bfd3d86fa6ffac215e69dfa26a7a5deced.bin.sample.exe.zip
.zip

Password: infected
fcefe50ed02c8d315272a94f860451bfd3d86fa6ffac215e69dfa26a7a5deced.bin.sample.exe.bin
.exe windows:5 windows x86 arch:x86

ad552d8979ed4d3a1a4e7e7a4f485fa1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
ReadFile
GetFileSizeEx
InterlockedDecrement
TerminateProcess
WaitForMultipleObjects
GetQueuedCompletionStatus
GetFileAttributesW
OpenProcess
PostQueuedCompletionStatus
SetFileAttributesW
GetSystemInfo
SetFilePointerEx
MoveFileExW
GetCurrentProcessId
InterlockedIncrement
CreateIoCompletionPort
lstrcmpiW
GetTempPathW
LoadLibraryW
GetProcAddress
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetCommandLineW
WriteConsoleW
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FindNextVolumeW
lstrcpyW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
CreateThread
CloseHandle
InterlockedExchangeAdd
lstrcatW
GetLastError
Sleep
HeapFree
CreateFileW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindClose
lstrlenA
DeviceIoControl
FindFirstFileW
WriteFile
lstrlenW
FindNextFileA
FindFirstFileExA
FindNextFileW
FindFirstVolumeW
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
SetLastError
RtlUnwind
RaiseException
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetACP
HeapAlloc
CompareStringW
LCMapStringW
DecodePointer

user32

SystemParametersInfoW
wsprintfA
GetSystemMetrics
GetDC
ReleaseDC
DrawTextA

gdi32

CreateCompatibleBitmap
SelectObject
CreateDIBSection
GetTextExtentPoint32A
CreateCompatibleDC
CreateFontW
DeleteDC
SetTextColor
SetBkMode
SetBkColor
DeleteObject
BitBlt

winspool.drv

WritePrinter
EnumPrintersW
EndPagePrinter
StartDocPrinterW
OpenPrinterW
StartPagePrinter
EndDocPrinter
ClosePrinter

advapi32

CryptGenRandom
RegOpenKeyW
RegCloseKey
RegSetValueExW
CryptAcquireContextW

shell32

CommandLineToArgvW
SHEmptyRecycleBinA

crypt32

CryptStringToBinaryA

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

ad552d8979ed4d3a1a4e7e7a4f485fa1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

crypt32

Sections

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 176B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 176B

.reloc
Size: 5KB - Virtual size: 4KB