SchemaDefFileConverter[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SchemaDefFileConverter.exe
Size

210KB
MD5

9d74f818c6d65a4e0d27aa58f1678f7c
SHA1

1470652a72cccf4dc7142c3bcfab2798973518db
SHA256

6d36df1c694e774c116fd66c5694ddf93d855d013d6340b86a0b06b24b7b8ecd
SHA512

8cafd93c0b5a6c4395fc6acdeb15b3e40ba9b4d5c6598333ae7b3ea1df72ddbd6c1abfadc8eeb2452d1f152482d6b9c0c0465f1fef6111feb158bce30dbace14
SSDEEP

6144:IiIc7YBeFB4StFMvRNy+FibxHdPrJZdETKglsWpR:Idc79BXtKvny+Fipd9as8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Softwares/TOAD/SchemaDefFileConverter.exe

Files

SchemaDefFileConverter.exe
.zip

Password: India@2023@@
Device/HarddiskVolume4/Softwares/TOAD/SchemaDefFileConverter.exe
.exe windows:1 windows x86 arch:x86

Password: India@2023@@

4f5f76d85d08d3c1403d858dc5fa4316

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

gdi32

UnrealizeObject

ole32

CoUninitialize

comctl32

ImageList_SetIconSize

comdlg32

GetOpenFileNameA

Sections

pec1
Size: 202KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json