2fbfc79462b64751c339f0b0297c748f[.]bin

General

Target

2fbfc79462b64751c339f0b0297c748f.bin
Size

137KB
MD5

dc72dd122323f1ca140aa2c717226b9d
SHA1

34d5ea71695f5b73183e460ba9d984ca93cd34bf
SHA256

a6e9f5047539b5b58bf39795f2224f1a5a92debdf5f6786591cf989ebe7d095d
SHA512

8fe3b2048c167365f4981b8f4b6c37f053869c8c4f41c114cb51e6bbd05caa425419a9256c3eee14eb5e62bff23b8331849fea47124d4a4980051e878dd786ab
SSDEEP

3072:bf33Sm6QJflZzIPgFOkLmwLVpJgUk9pudj7S7lffLFOdgTae:D3CmLRbIIw7Y0Uk3k3S71zFO2We

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2b7658a9c50bf8ee549193723e56b6500d4a193a5eb8e10871c67956d5d4e835.exe

Files

2fbfc79462b64751c339f0b0297c748f.bin
.zip

Password: infected
2b7658a9c50bf8ee549193723e56b6500d4a193a5eb8e10871c67956d5d4e835.exe
.exe windows:4 windows x86 arch:x86

Password: infected

547d55964e9333c3057788d5c4e8169f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\google_prj\src\tiger4_v3_2.pdb

Imports

kernel32

LockFile
SetStdHandle
GetLocaleInfoW
FlushFileBuffers
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
VirtualQuery
RtlUnwind
HeapReAlloc
GetOEMCP
GetACP
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
Sleep
GetCPInfo
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
WriteFile
MultiByteToWideChar
GetLastError
GetModuleHandleA
GetProcAddress
ExitProcess
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FormatMessageA
LocalFree
GetDiskFreeSpaceA
lstrlenA

msvcrt

puts

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

547d55964e9333c3057788d5c4e8169f

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

Sections

.text Size: 80KB - Virtual size: 77KB

.data Size: 4KB - Virtual size: 321KB

.rsrc Size: 56KB - Virtual size: 52KB

.text
Size: 80KB - Virtual size: 77KB

.data
Size: 4KB - Virtual size: 321KB

.rsrc
Size: 56KB - Virtual size: 52KB