Xpand[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Xpand.exe
Size

102KB
MD5

91f283614916e3e3fe95cfb92d636ef2
SHA1

81ea61d83948955d4077ab903ecce9df7c60729f
SHA256

85e4be7678794b4ec0fbcc048e76a93eea46d9a65fd688d28a8ba3f3fa925146
SHA512

d866af46e5d97ca76f686c163094f17dc9d44aec82eae88045812aacc4637ddbdc2703a4bd44ed6160cd8f08c1b06c203337a4bc04b53b0c3dedacb666d6496d
SSDEEP

3072:2N2STVtK2qZJheK/hDGZHH2kMSGoqyjC:QlAXeK/hDwrF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Xpand.exe

Files

Xpand.exe
.exe windows x86

103bad249b360125529cae039d4dac04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCurrentDirectoryA
lstrlenA

shlwapi

SHSetValueA
UrlCreateFromPathA

user32

MessageBoxTimeoutA

Sections

.code
Size: 512B - Virtual size: 165B

IMAGE_SCN_MEM_EXECUTE

.data
Size: 1024B - Virtual size: 524B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 302B

IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_MEM_READ