929dab801bdd5bd9e5f0b240cc68964c | Triage

Sharing

General

Target

929dab801bdd5bd9e5f0b240cc68964c
Size

831KB
MD5

929dab801bdd5bd9e5f0b240cc68964c
SHA1

4ecc69ccba722b6a3b84aef335c720ccda60078c
SHA256

173283edd6b719bd87dc8089e5e02c84c1d173993fdfe3fb39cce87801abf85b
SHA512

0cd096af3468dd1d3b215fbde930e9030fe881769b8505f4e39ea0b9c95be28ada559e4e49e8ff645e1f3d665f1aadc3590714cfee75945477d96f6b9ebbb409
SSDEEP

12288:XxVlT2UVNNTuECDGBwgXkmjqD7OyXDTw99C0uc6YQiJsZKIqpvTIdhkk:fJPdOOGnjPwbCzJZBdhkk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BatchDoc596.exe

Files

929dab801bdd5bd9e5f0b240cc68964c
.zip
BatchDoc596.exe
.exe windows:4 windows x86 arch:x86

a3cd138f09c17f81fb64526d63cb2df6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
ExitProcess
DeleteFileA
FreeLibrary
lstrcpyA
GetProcAddress
LoadLibraryA
VirtualFree
CloseHandle
WriteFile
GetWindowsDirectoryA
CreateFileA
lstrcatA
CompareStringA
GetCurrentDirectoryA
lstrlenA
ReadFile
SetFilePointer
VirtualAlloc
GetModuleFileNameA
InterlockedIncrement
GetModuleHandleA

user32

SetCursor
LoadCursorA
wsprintfA
ShowWindow
FindWindowA
MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot