44f43f42c9ea788b936ec3b5da2e3ad6[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

44f43f42c9ea788b936ec3b5da2e3ad6.bin
Size

733KB
MD5

75b6e8a0c38f7cd781bb16498884a509
SHA1

aa2a143efe4a05ca3ddd13d5eb64107f9a1d087e
SHA256

2911df08bef816c4e6610d892f0bd903d38f877d9866b86970dc0befbfdab819
SHA512

97fa3a3a5ceee8cb1275fcb39c339a482f3189029f9e26d108e077b9a3d6b9bc26cd421717822710939f45d87ae48802e54b288ee6e46d7a4f379c813d3b7922
SSDEEP

12288:P7ylp6zSuqBXHeLQYC2joo44MSQfNfF5DfF+5wHgW10zTBYsUh8ZZL:P7yl4gtem2jsrt385Ygh9Y2j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bd3db35de8078184822ca8742025e6742deed410880360fd1361ec0ddc339067.exe

Files

44f43f42c9ea788b936ec3b5da2e3ad6.bin
.zip

Password: infected
bd3db35de8078184822ca8742025e6742deed410880360fd1361ec0ddc339067.exe
.exe windows:4 windows x86 arch:x86

Password: infected

708f232e472f8eef6981a507eea8665b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptHashData
CryptReleaseContext

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

api-ms-win-crt-convert-l1-1-0

mbrtowc
strtol
strtoul
wcrtomb

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
___mb_cur_max_func
localeconv
setlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-private-l1-1-0

_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
strchr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_beginthreadex
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_endthreadex
_errno
_exit
_initialize_narrow_environment
_set_app_type
_initialize_wide_environment
_initterm
_set_invalid_parameter_handler
abort
exit
signal
strerror
system

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vswprintf
_read
fgetwc
fputc
fputs
fwrite
getc

api-ms-win-crt-string-l1-1-0

_strdup
iswctype
memset
strcmp
strcoll
strlen
strncmp
strxfrm
towlower
towupper
wcscoll
wcslen
wcsxfrm

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset
strftime
wcsftime

api-ms-win-crt-utility-l1-1-0

rand_s

Sections

.text
Size: 791KB - Virtual size: 791KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/107
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/123
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

708f232e472f8eef6981a507eea8665b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 791KB - Virtual size: 791KB

.data Size: 5KB - Virtual size: 5KB

.rdata Size: 404KB - Virtual size: 403KB

/4 Size: 249KB - Virtual size: 249KB

.bss Size: - Virtual size: 3KB

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 60KB - Virtual size: 59KB

/14 Size: 512B - Virtual size: 304B

/29 Size: 62KB - Virtual size: 61KB

/41 Size: 6KB - Virtual size: 6KB

/55 Size: 28KB - Virtual size: 27KB

/67 Size: 512B - Virtual size: 56B

/80 Size: 512B - Virtual size: 484B

/91 Size: 3KB - Virtual size: 2KB

/107 Size: 36KB - Virtual size: 35KB

/123 Size: 4KB - Virtual size: 3KB

.text
Size: 791KB - Virtual size: 791KB

.data
Size: 5KB - Virtual size: 5KB

.rdata
Size: 404KB - Virtual size: 403KB

/4
Size: 249KB - Virtual size: 249KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 60KB - Virtual size: 59KB

/14
Size: 512B - Virtual size: 304B

/29
Size: 62KB - Virtual size: 61KB

/41
Size: 6KB - Virtual size: 6KB

/55
Size: 28KB - Virtual size: 27KB

/67
Size: 512B - Virtual size: 56B

/80
Size: 512B - Virtual size: 484B

/91
Size: 3KB - Virtual size: 2KB

/107
Size: 36KB - Virtual size: 35KB

/123
Size: 4KB - Virtual size: 3KB