d40e702a2376862b8e5ccac85553cf03 | Triage

Sharing

General

Target

d40e702a2376862b8e5ccac85553cf03
Size

5.2MB
MD5

d40e702a2376862b8e5ccac85553cf03
SHA1

2b1258d9f3983828103c17aba41d6e3c879fc790
SHA256

b8229619778ebdedb1aee4fb9a355b355e9c15a7e3cd73bf8840b8eed33ca859
SHA512

16921f6690348a2b18be1773b5b09e64151c7ee98ed6858a64f565b306f141bf111c1fda191060df562a8b80f8ef1b51d9f20db3627b72dd3be4a25b8712b0ed
SSDEEP

98304:ria6UJYxwbRDaJW32RH3zYTzWJeBZlymBZXdiKVGPKBtd6Iby6gdW1x09T4j:8Uq+dDaJ/XUXWQBZrZXdJltdBbAWjB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/zhengshangyouPDK.exe

Files

d40e702a2376862b8e5ccac85553cf03
.rar
zhengshangyouPDK.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url