9637018c7a5b940d1894102111f54f31 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9637018c7a5b940d1894102111f54f31
Size

1.0MB
MD5

9637018c7a5b940d1894102111f54f31
SHA1

0e8258a42a1d30709a8f9373a45561c03a32b904
SHA256

31e00e8f26681d87824731e8d669bc27869412bbddca8fc64e24207a4adf33fe
SHA512

896ebe84c058412b68eb2cafafc6cb3e29ec0728969b514353736e88f18ce6c196165f206273a24f6b8599cca7a3d7557abe52947496eacb908fcb6f7adb4391
SSDEEP

24576:9mFvgbKygwGGaWpExvbLS73HWZgOEBBj9HFWpM7oXWRfiW:9kGRExvbIXWaOwjDWm+S5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DeskDoctor.exe

Files

9637018c7a5b940d1894102111f54f31
.rar
DeskDoctor.exe
.exe windows:4 windows x86 arch:x86

00c76e4175e743b1b678fb64a7fa9b95

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess

user32

GetKeyboardType
CreateWindowExA

advapi32

RegQueryValueExA
RegSetValueExA

oleaut32

SysFreeString
SafeArrayPtrOfIndex
GetErrorInfo

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

olepro32

OleLoadPicture

comctl32

ImageList_SetIconSize

winspool.drv

OpenPrinterA

shell32

Shell_NotifyIconA

wininet

InternetReadFile

urlmon

CreateURLMoniker

Sections

pec1
Size: 450KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 610KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url