b5e89b5c2e87bea13796ce2a203a035f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5e89b5c2e87bea13796ce2a203a035f
Size

4.9MB
MD5

b5e89b5c2e87bea13796ce2a203a035f
SHA1

da07c2d3ace54444650c2b894cfa6f9bc4178d3e
SHA256

96ccf98f643cd4b86c29fe87f05dccede6a1641a9ab4736de5388878adaff5ce
SHA512

af69ff979c99de4e4d66679098396ce540234c17b159e4c7646f95b9d6a310b874013a750ae55aa3aa2adca7368872fa1fe74f08fa145eb92640f57a2c78895a
SSDEEP

98304:rurls0S3Ybi4Y4qs5shIg+juuXPaWH07bbNFUQ1hNku3RMtKlMGML/OJ:rGS3VnksSg0nyP7fkMhTRMtcMi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/atn-v7.7/setup.exe

Files

b5e89b5c2e87bea13796ce2a203a035f
.rar
atn-v7.7/file_id.diz
atn-v7.7/license.txt
atn-v7.7/readme.txt
atn-v7.7/setup.exe
.exe windows:4 windows x86 arch:x86

678986d7fe8eb1ebce8a0b924f59474d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
VirtualFree
lstrcpyA
ExitProcess
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
lstrlenA
VirtualAlloc
ReadFile
CreateFileA
GetModuleFileNameA
GetLastError
CreateMutexA

user32

SetCursor
LoadCursorA
wsprintfA
MessageBoxA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
atn-v7.7/新云软件.url
.url