10515160acd3b1a7989e599743a115f8 | Triage

Sharing

General

Target

10515160acd3b1a7989e599743a115f8
Size

1.3MB
MD5

10515160acd3b1a7989e599743a115f8
SHA1

ac1475320104e51bc23e94614c9192488de2cdfb
SHA256

0cadbccb5700bdd10d10e4be0be7f2bc813bd5988417adbf64f554a12dbdd436
SHA512

d47cdbba9b9566f1e33bad344099d3e9b8e11aeb4180c36ca8a98956f60930b7300c0961403500d6c01f7afd8e5252e6a725835c0d04752fe72b6f3524ba8f4f
SSDEEP

24576:sVX4dfpJhGrfyaE4fnDAAlh+5vzHVq19iQgPHgDgzZiZMzoMPg:sVIdBJhGrfyabDxlh+xz1C9ePUSPg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FTPdownload.exe

Files

10515160acd3b1a7989e599743a115f8
.rar
FTPdownload.exe
.exe windows:4 windows x86 arch:x86

eab4ae5f4bdfa1db6130a6d5dccb6071

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wininet

HttpAddRequestHeadersA

advapi32

RegCloseKey

version

GetFileVersionInfoA

wsock32

WSACleanup

winspool.drv

ClosePrinter

comctl32

ImageList_Add

comdlg32

ChooseColorA

gdi32

BitBlt

shell32

SHBrowseForFolderA

user32

ActivateKeyboardLayout

winmm

PlaySoundA

imm32

ImmGetContext

ole32

CLSIDFromProgID

oleaut32

GetActiveObject

oledlg

ord3

Sections

.text
Size: 1.3MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
新云软件.url
.url
软件介绍.txt