0447a4c3ff214f78abe2cc13b5c2c565 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0447a4c3ff214f78abe2cc13b5c2c565
Size

179KB
MD5

0447a4c3ff214f78abe2cc13b5c2c565
SHA1

ac12c66109939cb1c06ea2556d5b08747f560a51
SHA256

39c2e86a7b5bf106929300be86916f52dfb5409e6b5aae7665a01070225d55a0
SHA512

688beb064aa51478e787f5ef9692f892c1d8f19877ad0fa81b31995e2989aecf0da1ce4a1ba3df8ab47895736e94283fd2984cc034dca43de4574b51c1312b69
SSDEEP

3072:U3b4GCoLXQowej2I2Xy7OP2nwUyZwt/bnX7g1OpE1cnszf40DVYerSlBMiPVC+6:Wb4iXPwejFwP2VyCtQaGRYeri

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0447a4c3ff214f78abe2cc13b5c2c565

Files

0447a4c3ff214f78abe2cc13b5c2c565
.exe windows:5 windows x86 arch:x86

62395f1c6dea147c8c75d7f982a6fe57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharLowerW

kernel32

GetTickCount

Exports

Exports

��rainAgency@@00GPAUHINSTANCE__@@U_COMMPROP@@;F
?TrainEraser@@00GPAUHINSTANCE__@@U_COMMPROP@@;F
?TrainForward@@00GPAUHINSTANCE__@@U_COMMPROP@@;F
?TrainMove@@00GPAUHINSTANCE__@@U_COMMPROP@@;F
?TrainSimulator@@00GPAUHINSTANCE__@@U_COMMPROP@@;F

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 377B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ