25bb99f9472501320af9cc8ff5db52c2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25bb99f9472501320af9cc8ff5db52c2
Size

1.2MB
MD5

25bb99f9472501320af9cc8ff5db52c2
SHA1

341763fb00bf7f7f118f92beb7ef6aa99f85ba35
SHA256

786efab0e8fba366b41b5bf7b13545faf6e28864fb6256899c1b2bf48d3de8ca
SHA512

3262613d7353c27d2c7a59cd239a4462a724db1032ec596f9bbae9c9fb563091749443b657396af0403141147afbdb050da20a1c63b8050525e60aadd19be1c1
SSDEEP

24576:0+qKmprCAdtCA8q3RMk71z2QYg06XvdJCKJk1i8BoMrp7bj3:0V5rCutGWywzI0VJ3EZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/明仔中文网の卖Q程序/明仔科技.exe

Files

25bb99f9472501320af9cc8ff5db52c2
.rar
明仔中文网の卖Q程序/下载说明.htm
.html .js polyglot
明仔中文网の卖Q程序/新云软件.url
.url
明仔中文网の卖Q程序/明仔科技.exe
.exe windows:4 windows x86 arch:x86

74c8bf4a938fcfd1da0d91e7d39ead48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegSetValueExA

gdi32

StretchDIBits

user32

WaitMessage

shell32

ShellExecuteExA

ole32

OleInitialize

winmm

timeKillEvent

comctl32

ImageList_Draw

cabinet

FDIDestroy

Sections

CODE
Size: 40KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
明仔中文网の卖Q程序/版权说明.txt