MDE_File_Sample_6ff202eff91c52674d38e4e643db87b70b60cb660ca68974fa6e5a38e9188566[.]zip

General

Target

MDE_File_Sample_6ff202eff91c52674d38e4e643db87b70b60cb660ca68974fa6e5a38e9188566.zip
Size

48KB
MD5

bb15746e9087e940e3514b650fefd66d
SHA1

6b2f7951c05c3c1509621ba42b614cf381a7e4b2
SHA256

710c3ca8b3b4645a80e068e2ffe0c7b0f6bc9c03b494775060341b5332ff22be
SHA512

fcbe3d0e990763278ce8cffef40ada955fe9f460a44211748802a79ae73b8e9418da7e76b22d972e39ad0b05e457fee1a0a2c2ae9e6f0e9e33ac318e8864168e
SSDEEP

768:n84N3inhMhQLfW1NTNos/ytGd/hCGoWPDFbcuQhWJ9SOaKFNr2qb8VJDXe6IuFsd:+bLfWjTNq4dMTWPNcnhWJHaiAn7DeCY

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Patch.exe

MDE_File_Sample_6ff202eff91c52674d38e4e643db87b70b60cb660ca68974fa6e5a38e9188566.zip
.zip

Password: Protit
Patch Fix.zip
.zip

Password: Protit
Patch.exe
.exe windows x86

Password: Protit

35046c3cc81f6be4b985f4a75fef0f4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CharNextA

oleaut32

SysFreeString

advapi32

RegSetValueExA

version

VerQueryValueA

gdi32

SetTextColor

msimg32

AlphaBlend

ole32

CoTaskMemFree

shell32

SHGetPathFromIDListA

winmm

waveOutWrite

comdlg32

GetSaveFileNameA

imagehlp

CheckSumMappedFile

Sections

CODE
Size: 41KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE