1cb8ebf478d10a30e60222311949a9eb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1cb8ebf478d10a30e60222311949a9eb
Size

780KB
MD5

1cb8ebf478d10a30e60222311949a9eb
SHA1

6e04336dcb4096517609e6bad90d7bd2edbd5b95
SHA256

63e10322e0e8abb4b7b899d48d37649172c896761493fdc47379e6056168a61c
SHA512

5dac9f3c1037d79fc91d4d00f3072f9fc43f54ae55837de049eb8e6b37fe7564a27c7af140b2340179b2e2dab43b3a503a1ee0c210514ef3b8f90e8d0d8212c4
SSDEEP

24576:uO3tDcd96Cc2CrXUyvMmZhTbZnnXaxfQnDEvwdr5S:uO3bMCrXJvP5nKKnD/S

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/班主任手册/工作手册.exe
unpack001/班主任手册/工作手册演示版.exe

Files

1cb8ebf478d10a30e60222311949a9eb
.rar
下载说明.htm
.html .js polyglot
班主任手册/下载说明.htm
.html .js polyglot
班主任手册/工作手册.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 725KB - Virtual size: 904KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
班主任手册/工作手册演示版.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 638KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
班主任手册/班主任手册文档.rar
.rar
bhhy
班徽.jpg
.jpg
班训.jpg
.jpg
班主任手册/说明文档.txt