595c80be39bc656ab033ebac91a3864e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

595c80be39bc656ab033ebac91a3864e
Size

1.7MB
MD5

595c80be39bc656ab033ebac91a3864e
SHA1

f3353dd0eefa51fb133b6542efed344144ab4cf8
SHA256

52e84138869b722ceb16472d356baf97c2ca22e96d6d8ce09486c6fd651cf1e7
SHA512

064aeac254e0bbc6779102ca747142d9cb336a743b1259a4ec9b836c2b4b222a5d0f4d815520ebf10937166a40d8768b4e69c1d41ba22ca0d7deaac6f03a8e6b
SSDEEP

49152:imjkbb96MHt8/6W3374mK65vGsigsKh9KIEz7D:7c6B6WnLK61Gst9KI2f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/colorgate.7.0.0.4123-patch/colorgate.7.0.0.4123-patch.exe

Files

595c80be39bc656ab033ebac91a3864e
.zip
colorgate.7.0.0.4123-patch/colorgate.7.0.0.4123-patch.exe
.exe windows:5 windows x86 arch:x86

dc73a9bd8de0fd640549c85ac4089b87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
ExitProcess
FindResourceA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
RtlMoveMemory
SizeofResource
VirtualAlloc
lstrcatA
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile

Sections

.text
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ