Static task
static1
Behavioral task
behavioral1
Sample
02a55739eea8576344a904980a6612fd.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
02a55739eea8576344a904980a6612fd.exe
Resource
win10v2004-20231215-en
General
-
Target
02a55739eea8576344a904980a6612fd
-
Size
517KB
-
MD5
02a55739eea8576344a904980a6612fd
-
SHA1
3b6892f7e796fdc7c963ad7429492e19499eb2f4
-
SHA256
3467f4c1d4433ef3e086e0a30fada2938f4bb54b8e50859c87ec2c9ad4582a46
-
SHA512
a3aac7f74fa4579297aa66dcdf6af5efc36e76268050a46be30e86b920500ab97b7087545898459e5c4ec49ee68c071e8eac308f7d4419c5ba11276443168f75
-
SSDEEP
12288:6UwUWFBbSbJ5YLFSLtAcR9xL/1a8KEjmaL:6UwUy4J5WFUAcHxBFKoT
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Static check for a missing Authenticode signature; the PE file listed below is unsigned.
resource 02a55739eea8576344a904980a6612fd
Files
-
02a55739eea8576344a904980a6612fd.exe windows:5 windows x86 arch:x86
8918e2d8ca38139e61fcf3fd1da404ca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
GetProcAddress
user32
wsprintfW
shell32
ShellExecuteW
winsparkle
win_sparkle_init
mmcodec
ord867
qt5widgets
??1QMenu@@UAE@XZ
qt5gui
??0QPen@@QAE@XZ
qt5xml
??1QDomNode@@QAE@XZ
qt5network
??1QLocalServer@@UAE@XZ
qt5core
??1QDir@@QAE@XZ
msvcp90
?_Lock@_Mutex@std@@QAEXXZ
msvcr90
free
advapi32
RegCloseKey
powrprof
IsPwrHibernateAllowed
version
VerQueryValueW
iphlpapi
GetAdaptersInfo
wininet
InternetOpenW
Sections
.MPRESS1 Size: 428KB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 86KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE