Toolbar[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Toolbar.exe
Size

206KB
MD5

ab8c5ce2e5fbb04d4f986a066e5098d6
SHA1

68e06c74423a58213ae9fc31ac0217034f7af5aa
SHA256

c930d98843dba3732b30aa6ca4f73a9a95f9be620e3e342f0e3f8b53a8be185c
SHA512

9d7b4e80da7a90ec9f5bf7882d9247a4264651eff98874dfc4e253032645e898f730258ea86c92ef8f9b54362fcf4bcd2028a0ffb208ce9d9bab5196bdead8e5
SSDEEP

3072:8YHUmCX0ISx9i/jk3+6UAb5HtSLRoi0OA15hX2Lk8FWaoxPeFuAuas57SJIyl1fG:90mCJoiQVv5HwLRvDATBMXrLuastqbG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Users/haseebp/AppData/Local/Temp/NER6790.tmp/Toolbar.exe

Files

Toolbar.exe
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume4/Users/haseebp/AppData/Local/Temp/NER6790.tmp/Toolbar.exe
.exe windows x86

Password: S@ndb0x!2023@@

aac60df60ca85a65dc1aa5d99d8cccdd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
lstrlenA
GetTempPathA
RemoveDirectoryA
SetCurrentDirectoryA
EnumResourceNamesA
GetUserDefaultLangID
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessA
GetPriorityClass
GetCurrentProcess
GetCommandLineA
lstrcmpiA
DeleteFileA
SetFileAttributesA
lstrcatA
GetStartupInfoA
ExitProcess
GetModuleHandleA

user32

CharNextA
wsprintfA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 456KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json