4873dec39296c80c3863e04149e492bb[.]bin | Triage

Sharing

General

Target

4873dec39296c80c3863e04149e492bb.bin
Size

1.7MB
MD5

c8b5f9d28c8d9102f5da5839763309ef
SHA1

64f7465a2fc63f591fd5b4d56583c95b7c9fa10a
SHA256

dc42d99a4a5fdc6e39e6f391ebd351259eec6c1e2c506fa9bd912bf49a481e3a
SHA512

5bfd44dadd1bf3d2e6ca0233772c65a5f2787e044a9efd06b8c12d84033580f04325dc6b24cdf74fd88113fdcca06aa37fca895f8d568f3f8b4fc709f485a73c
SSDEEP

49152:s5rv2jFDcQAn6PhdR4sYPMpe3Ul3o5y3k:sV6FO6P+WEco5T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/172e1e49642648745fefdbebd4c76c41049a4f0edd14eeb7904b709f0add5cbc.exe

Files

4873dec39296c80c3863e04149e492bb.bin
.zip

Password: infected
172e1e49642648745fefdbebd4c76c41049a4f0edd14eeb7904b709f0add5cbc.exe
.exe windows:6 windows x86 arch:x86

Password: infected

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dckdxrcr
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ilcchisc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE