Toolbar[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Toolbar.exe
Size

206KB
MD5

46f2d74ab5e751d21e895b865a967477
SHA1

a429bc6eda3610c31e5b2ee02ebc9b5d00a5e1a0
SHA256

0f5273b48a78217181f16d1caf92a989d04bbd76d8ee6de3ee10356170a14a64
SHA512

b0f6bce0e56e00e5207319b1da4d2d02ec8be25132d5af194a2167f7eaf69e9068f02386f1872315d63fe2e9f380aec8865afab1ee91cdaa33fec9ace7fc5962
SSDEEP

6144:nMJCcV6MGTUjjszAYzEcERs8kx55QEwSNxG:MDshUjjs8SmsHx5aEw2G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume3/Users/tomphilip/AppData/Local/Temp/NER86D7.tmp/Toolbar.exe

Files

Toolbar.exe
.zip

Password: India@2023@@
Device/HarddiskVolume3/Users/tomphilip/AppData/Local/Temp/NER86D7.tmp/Toolbar.exe
.exe windows:4 windows x86 arch:x86

Password: India@2023@@

aac60df60ca85a65dc1aa5d99d8cccdd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
lstrlenA
GetTempPathA
RemoveDirectoryA
SetCurrentDirectoryA
EnumResourceNamesA
GetUserDefaultLangID
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessA
GetPriorityClass
GetCurrentProcess
GetCommandLineA
lstrcmpiA
DeleteFileA
SetFileAttributesA
lstrcatA
GetStartupInfoA
ExitProcess
GetModuleHandleA

user32

CharNextA
wsprintfA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 456KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json