a291fc4379a140dd6da5ca917d425bf8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a291fc4379a140dd6da5ca917d425bf8
Size

472KB
MD5

a291fc4379a140dd6da5ca917d425bf8
SHA1

f27121c26943cf79d6492703c7176a34912a5e06
SHA256

56830ef1476f2930f12507f4bdc95c7cfb7967f2978df4aa6eedb8fc8efeb821
SHA512

8e4bf2060266698e8e35af6e2ef9fcfe62a5623705e04a38ebc5d43635b5d5d8549fc17aeed2c9241918fa74ca0839702aa6ea1d1375496348e17d178a20582f
SSDEEP

12288:3K6eFBrFCeWy9N7urdf5GTwiS08720VMb2YjJhTpMm:3HdAJOdBnf72db7n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LnDnsPod/LnDnsPod.exe

Files

a291fc4379a140dd6da5ca917d425bf8
.rar
LnDnsPod/Config.ini
LnDnsPod/LnDnsPod.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.nsp0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 565KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LnDnsPod/data.mdb
LnDnsPod/新云软件.url
.url