adobe[.]snr[.]patch[.]v2[.]0[.]rar | Triage

Sharing

General

Target

adobe.snr.patch.v2.0.rar
Size

650KB
MD5

8eced5b4b50c59e8d694f41d5a4e940e
SHA1

80a7d744b071b8d7708501643fbbc12477da3d12
SHA256

34e9412569ffd0c7480b97a901e8b9e14a24973e81ea7c12a089e47d8fcab8b3
SHA512

be95a97c786c2d5c2bb3fb7e1b2a61e2c0486fe5be6adaed31190da1970a4e482af8ae6dbd4f61e87456520559cfc64f3d1872fc7d407852723097c9bc2927c8
SSDEEP

12288:5fXCyqOLnXUOq0rNUYy9DfEsbVv+BaYJxdf+HVcBp5kOsULpqnMX+PWAa:pXXjXUO1uYy9Dfjv+MY9U2BDsUWMu3a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/adobe.snr.patch.v2.0-painter.exe

Files

adobe.snr.patch.v2.0.rar
.rar

Password: rsload
adobe.snr.patch.v2.0.rar
.rar

Password: rsload
RSLOAD.NET.url
adobe.snr.patch.v2.0-painter.exe
.exe windows:4 windows x86 arch:x86

Password: rsload

416af365bd0075002ad4b3999c9e9a47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

SaveDC

ole32

CoInitialize

comctl32

ImageList_Add

shell32

SHGetFileInfoA

comdlg32

GetOpenFileNameA

Sections

.MPRESS1
Size: 556KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
changelog.txt
file_id.diz
painter.nfo