pco49r3ngd8[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pco49r3ngd8.exe
Size

21.5MB
MD5

4fe47514771b73476ab09a7141d63339
SHA1

ce4ef5e197d5e6f19ba707b71967c7ded2ed844a
SHA256

a18f531be0244091c737e269ce0469ecbf863f48adf00e03718bcd9f915fc558
SHA512

b7c90975e8fccbdc51e3823b54c25bb8c0dfd28e580548cf500194c888377e61ca69426ada3d1bdeb350a802c007114aa8a8df1d0bc8d86d9248f2ecb99948a2
SSDEEP

393216:8M1I80CaTVm9GKd+6fHkswckhQOcjPFGHVfsVBXNEnbDMVnZ9gItKL1cN:Y80C1vH4hQOCIHVfOQnbDynfgItIeN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pco49r3ngd8.exe

Files

pco49r3ngd8.exe
.exe windows x86

d5d9d937853db8b666bd4b525813d7bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA

kernel32

LockResource
lstrlenA
CloseHandle
CreateFileA
ExitProcess
FindResourceA
FreeResource
GetCommandLineA
GetEnvironmentVariableA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
LoadLibraryA
LoadResource
lstrcpynA
RtlMoveMemory
SetFileAttributesA
SizeofResource
WriteFile
lstrcatA
lstrcpyA

user32

CreateWindowExA
DefWindowProcA
DispatchMessageA
GetMessageA
LoadCursorA
LoadIconA
MessageBoxA
PostQuitMessage
RegisterClassExA
SendMessageA
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21.5MB - Virtual size: 21.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE