685a990aaf6656fc4caebf4adffef38c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

685a990aaf6656fc4caebf4adffef38c
Size

377KB
MD5

685a990aaf6656fc4caebf4adffef38c
SHA1

2addbc919e966dd6d1ec7b1a0fc57c10d0de3b0a
SHA256

626899898336961b4344c645bb29d4db80637e0b55c53cd104a552a472d4ad63
SHA512

9f8a3fa5bd6f108d6d3e2ef6dca4ad062544603612f632195a167dab1608b8078109f651f2799de22fc9034d1861934ac76c7572d839d8ddc567c1908e141e1b
SSDEEP

6144:AWt0GjogQEPNgD0pi4ad1fCV0Z5/2fZvNEq2hF22UeIPTb42wiKaJbNQEKSbn5Uy:AWGGjOEGD0I4ar//0EHGeIP3Pwi5xKSj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ParaFocus_lic/ParaFocus.exe

Files

685a990aaf6656fc4caebf4adffef38c
.rar
ParaFocus_lic/Help.doc
.doc windows office2003
ParaFocus_lic/License.txt
ParaFocus_lic/ParaFocus.bmp
ParaFocus_lic/ParaFocus.exe
.exe windows:4 windows x86 arch:x86

52bcca0293a2e7268dc0bc2b29d8148f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

MessageBoxA

comctl32

InitCommonControls

Sections

Size: - Virtual size: 340KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ParaFocus_lic/ParaFocus.ini
ParaFocus_lic/ReadMe.1st
ParaFocus_lic/license.key