cae46715a137d265e437ae2e8fd6cbde | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cae46715a137d265e437ae2e8fd6cbde
Size

72KB
MD5

cae46715a137d265e437ae2e8fd6cbde
SHA1

30cc08e9a4cce72ffa379d59d00457e02614dfc7
SHA256

0d56c9b69d8a0fa08c916134b6e6abbfb4e8084e21e151a0bb2cd75644774898
SHA512

57a0b336fd140e8ef890e2ea37ee6c694126d824ec8bc98f906f3f4c11c2bfd7d6eefa97b98cfee39b6a3c596fa60c94d0bc0bc4d5a38ff4c532f72648a358b4
SSDEEP

1536:dwZeA0cksvYXiXuKevG4gbFDf007jOjiOC6sZefc:dBAc+YXihevG4gZA07qjI6sZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cae46715a137d265e437ae2e8fd6cbde

Files

cae46715a137d265e437ae2e8fd6cbde
.exe windows:4 windows x86 arch:x86

017e5c1de86cbafca516092ec31de2e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\Gozo\Qoologic\PopupClient\Installer\Release\Installer.pdb

Imports

shlwapi

StrNCatA
wnsprintfA

kernel32

RtlUnwind
GetVolumeInformationA
ExitProcess
Sleep
lstrcpynA
GetTickCount
GetTempPathA
lstrlenA
lstrcmpiA
lstrcatA
GetWindowsDirectoryA
lstrcpyA
CloseHandle
WriteFile
CreateFileA
LockResource
SizeofResource
LoadResource
FindResourceA
SetFileAttributesA
SetFileTime
GetFileTime
GetSystemDirectoryA
FindClose
FindFirstFileA

user32

wsprintfA

advapi32

RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

shell32

ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ