2a849962c04be44cce3e29408cbc4ab7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a849962c04be44cce3e29408cbc4ab7
Size

3.5MB
MD5

2a849962c04be44cce3e29408cbc4ab7
SHA1

d0eb8cfc0e29022ec033867caf08cc55f9b856f6
SHA256

258037970301da76ba35b296953d0c44983bed094d5cea962b7d99130b9d2e52
SHA512

959b63d9fe3957e3b64666500bcfb0c73698bcc61f5c039f2219085e31010c2caa6c508014cce1ccbab96547f3692d4fcaa0e6bc1aeafd807397974a4c32ea43
SSDEEP

49152:apeqLvVQEagepH7opxwAF1EqqhSceedOowTDXaI9A95Bhc1TFVTvlv0y0eAG94we:apHLujH78xREqkd6qIG9PAVTeev4J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/nl_setup_beta.exe

Files

2a849962c04be44cce3e29408cbc4ab7
.rar
nl_setup_beta.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url