b41bf31838a1f910d5dd9fb525226d52 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b41bf31838a1f910d5dd9fb525226d52
Size

66KB
MD5

b41bf31838a1f910d5dd9fb525226d52
SHA1

ab2675c9883df21fab1d0dfe0371e29c88d393b4
SHA256

3f4c75266d188521f575bf0fe95bd3dbf67dcc82f520b5d26566c3610aba5e24
SHA512

855d38524c460a9a6b1904ce3a453cedd5e5380e8f689e0fca2f4c534408488b801cd65f672ec51013c0268d773d0c55e6f6b4a7d845ce3711baf1a1e9d70a3e
SSDEEP

1536:argZcwn3gDLNJlWsN0b3LAL57jaMkCAadJWmylBD46qoAXUW7Vw:asRnWPx0ABJkIJWm2BoO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/pointdev ideal administration 7.72.exe

Files

b41bf31838a1f910d5dd9fb525226d52
.zip
pointdev ideal administration 7.72.exe
.exe windows:5 windows x86 arch:x86

ee89fe2c3840d0503b55eece8b3080b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetModuleFileNameW
GetProcAddress
HeapAlloc
GetModuleHandleA
OutputDebugStringA
RtlZeroMemory
GetModuleHandleW
GetStartupInfoW
ExitProcess

msvcrt

_wcmdln
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
exit
_XcptFilter
_exit
__wgetmainargs
memcpy

user32

RegisterClassExW
TranslateMessage
BeginPaint
LoadCursorW
PostQuitMessage
GetMessageW
DestroyWindow
EndPaint
LoadStringW
DispatchMessageW
DefWindowProcW
ShowWindow
CreateWindowExW

gdi32

AbortDoc

winspool.drv

OpenPrinterA
ClosePrinter

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ