xnpocket_arm_fr[.]exe | Triage

Sharing

General

Target

xnpocket_arm_fr.exe
Size

725KB
MD5

dbe7aa279c53f13c765d0ca4bb42a4c2
SHA1

d42b3c7162c39a09def9377d237c0c2c32089c28
SHA256

c24705179636efc8a569022d062810f2140f8969bd6b5f8894e7f909f2b75f4f
SHA512

f1c769f68060864b11d6e7bb4465050727b5b0d29b9d4dbb032b94c88b86850442d433bd4aac02a84c2c19ad5de5604e6aa076affdac7db9582cf47f68529b21
SSDEEP

12288:BtPwuESbdjDPM5ka23T7UMJHIROWHtHXD26CekMWk6xcorrgkQvwj:Btz9DUqT7UhXNH51kM5ucorsBu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xnpocket_arm_fr.exe

Files

xnpocket_arm_fr.exe
.exe windows x86

70b3800082f9a077e556146680a8da82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
LoadResource
SizeofResource
FindResourceA
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
GetTempPathA
DeleteFileA
Sleep
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetStartupInfoA
LockResource
lstrcpyA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA

lz32

LZCopy
LZOpenFileA
LZClose

user32

MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 722KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ