餐改6[.]exe | Triage

Sharing

General

Target

餐改6.exe
Size

1.3MB
MD5

e902a63f295f0241c530555e6f3f4d86
SHA1

0af89e3286b98bf6efcb823d5f55d82e2eebf244
SHA256

2570efe7ad98d35dd23bc3e6e3515b1b49f8fd8b7b4664b82a74bd95c4b00f9c
SHA512

b2b734650e8495bc9f115fad5f644d3b15c44b1cdf00d47c4ac809dffc4a93a133b5c70b9ec77c4ad6ab2883d8a4d6f993b39494f625e3c48a13efccff9452af
SSDEEP

24576:edl37/jvsOYh3UcMR+tZrgrYzCsyjjF7yDhPbDo958ivhv1reU+1/1uChZoPrA:ed5jsJ3U1gZ08zUB7yJfo9aifrXs/IE1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume8/餐改6/餐改6.exe

Files

餐改6.exe
.zip

Password: Sentinel1!
Device/HarddiskVolume8/餐改6/餐改6.exe
.exe windows:4 windows x86

Password: Sentinel1!

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 54KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ryefubmy
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wzxtvywb
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json