4a9b355e93603d5286df1b8abf327f3c

General

Target

4a9b355e93603d5286df1b8abf327f3c
Size

1.4MB
MD5

4a9b355e93603d5286df1b8abf327f3c
SHA1

c205beba5ab16ffaf3f577f45552571bc8366eea
SHA256

46ce66e75a5019f531e6da515b25700e0e51d3fbcaa7b61648447c86df607b0d
SHA512

8cf3af4e464d26f4c861bfe6aaa3429c1f3ef33ecc7027f76ba96495a0ca92dba6962f5d64b2aa2a911372f4ac7a95e57c0fe8c76c1464522d594ea45f8246fb
SSDEEP

24576:dZ9qCwG6bGie0OOMDQP9uFuAOgq4Tnfzq2Vt33U3OSfNLMJG52lYBkpXy:dZ8R1qdBOsFfq4Tnlt5SfNx26BkpXy

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Patch.exe
unpack001/artcurs.exe

Files

4a9b355e93603d5286df1b8abf327f3c
.rar
Patch.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.BRD0
Size: 80B - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BRD1
Size: 29KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
artcurs.exe
.exe windows:4 windows x86 arch:x86

678986d7fe8eb1ebce8a0b924f59474d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
VirtualFree
lstrcpyA
ExitProcess
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
lstrlenA
VirtualAlloc
ReadFile
CreateFileA
GetModuleFileNameA
GetLastError
CreateMutexA

user32

SetCursor
LoadCursorA
wsprintfA
MessageBoxA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.BRD0 Size: 80B - Virtual size: 132KB

.BRD1 Size: 29KB - Virtual size: 35KB

678986d7fe8eb1ebce8a0b924f59474d

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 512B - Virtual size: 32B

.data Size: 512B - Virtual size: 9KB

.idata Size: 1024B - Virtual size: 574B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 896B

.BRD0
Size: 80B - Virtual size: 132KB

.BRD1
Size: 29KB - Virtual size: 35KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 512B - Virtual size: 9KB

.idata
Size: 1024B - Virtual size: 574B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 896B