4b97fb823b899b2b7c48320c40b72da6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b97fb823b899b2b7c48320c40b72da6
Size

703KB
MD5

4b97fb823b899b2b7c48320c40b72da6
SHA1

4302b7fb0f73fe168763429911ee40a6da33acfc
SHA256

a312ca81880f12caf5d4b5133fd2b2fe76eaa7ebdc8f54c97ef4a56630773f62
SHA512

60526c8dff4d1d25575fba34df185953f0e1028bc7e97c7cfb5bda587272c10f6049e67979b63a9ed744cfcceee22d797770613f03dde681d3f7c83b34e91763
SSDEEP

12288:N49dQOjgoOuMSQOU0grRvYRgDvDCIsP8FdASHkq8SGMJeMwbuCANJsh+Re:N5Ojg7uMgUztg6vDCnP8g5q8SGMsAC+A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/qpgmslf-v5.0.exe

Files

4b97fb823b899b2b7c48320c40b72da6
.rar
qpgmslf-v5.0.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url