fallofwindows[.]exe | Triage

Sharing

General

Target

fallofwindows.exe
Size

370KB
MD5

7f13152a4e20b2fac49a0bea102b6122
SHA1

5d46374164fcda53764237436f796a85a7f1b1d5
SHA256

a12bde3cc7f15db10dad98fb07c2aed5134fb34c711736547603f574c528185f
SHA512

5fcf2f4f90b3f6d7cccce53a477980383b8caf28c9a67fa3b1f553b0b5b5c187c001dfb126f4d65edeea92bfcf39a7297c8424c87472670386ed37fbeaad649a
SSDEEP

6144:f+6zEHbvCEXlRk/O0zfHWaBsdWTE8oBN2FkSel3F7SWelTD9Tb+XG+Uypqn2TlY:DEHbvCEVR6BzfvB7oBNYel3F7JeldTbi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fallofwindows.exe

Files

fallofwindows.exe
.exe windows x86

691f1193f16065947032ace3a2329e55

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

fabs

comctl32

InitCommonControls

user32

IsChild

gdi32

BitBlt

ole32

CoInitialize

shell32

ShellExecuteExA

shlwapi

PathQuoteSpacesA

Sections

.MPRESS1
Size: 363KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE