1bd2496bbfc905b348cdc4a03a5e2a2d | Triage

Sharing

General

Target

1bd2496bbfc905b348cdc4a03a5e2a2d
Size

1.3MB
MD5

1bd2496bbfc905b348cdc4a03a5e2a2d
SHA1

f566a732624b930ed1129c2a7a9337adc4446d2b
SHA256

4e54dc7d00e63b8901033c1cef171a74ec75546ea6ba61e8b4c5a111dcd70150
SHA512

536b5c7cff7e6b7a9781b655b1a31b2b9d07236872b92c5435ebbc3c19737743996fb8b0d250446ff62a94a5875e2374f0082fde56f6041eacdf7a8c1ec27f07
SSDEEP

24576:WamVsU63JBFx/2yMx8vSNV7q4+1gDRBUnIAp4YDWoQxRqEew7rXj18qZ6xRE:Lmq3JB//Mx/f7e1gDEnIAp4YVfw7f18K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IIS日志分析工具v3.5.exe

Files

1bd2496bbfc905b348cdc4a03a5e2a2d
.rar
IIS日志分析工具v3.5.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 14KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 268KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 168KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
新云软件.url
.url