671710b5583625fab12f66d236c7f817 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

671710b5583625fab12f66d236c7f817
Size

1.6MB
MD5

671710b5583625fab12f66d236c7f817
SHA1

9407f8103bb5afc575ba8355dfcdd252744702cd
SHA256

aa4672a28eddd7bab4a4803df16025df23af3ea2edd117f236770045f41e0339
SHA512

ea483c57a59c9e87578236c7c1f00932265f238e799a43c4d33884dc34ce8b82472628cd1333fa5e58575086e8b679a342b14051dcbd4e2aa39ff2d9ea96e2ca
SSDEEP

49152:JYVfyF52ZKv0ZzuPsEnbFbwCFKryNaEc7p:MEQQiz+sqbq9ryNan7p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FolderCastle-v2.1/FolderCastle.exe

Files

671710b5583625fab12f66d236c7f817
.rar
FolderCastle-v2.1/FolderCastle.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FolderCastle-v2.1/Readme-说明.htm
.html
FolderCastle-v2.1/新云软件.url
.url