c68bb8764bdceafbe1f69d0ba37be54d | Triage

Sharing

General

Target

c68bb8764bdceafbe1f69d0ba37be54d
Size

86KB
MD5

c68bb8764bdceafbe1f69d0ba37be54d
SHA1

37d6e51870f23457e802bb733f67228205052fad
SHA256

77f6c4d07afc4ca95b63ffb0abddff80b0457fee6bf8e8ebe5473252786167fa
SHA512

7ac488df463415966b6b5a491654be8ddd31be79c1c77975f201dd07acdb887cee3946e99c7721f0b71a6df630a3c5d9070a9d4b8499c1e4a8b32f72da967461
SSDEEP

1536:kPKdyzxO4V1m8YM7CamaGUHj605P+2fVgRbQLeca15uKPln6vbSByWJTWYWTUIPL:kCdExghM71D+0V+2dgRbsed15u4x3Uqq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/foxit.phantompdf.business.9.2.0.9297-patch UZ1.exe

Files

c68bb8764bdceafbe1f69d0ba37be54d
.rar
Express2BusinessFix.reg
foxit.phantompdf.business.9.2.0.9297-patch UZ1.exe
.exe windows:5 windows x86 arch:x86

dc73a9bd8de0fd640549c85ac4089b87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
ExitProcess
FindResourceA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
RtlMoveMemory
SizeofResource
VirtualAlloc
lstrcatA
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile

Sections

.text
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 774KB - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
使用说明.txt