Static task: static1
Behavioral task: behavioral1
Sample: newaP+ (Portable).exe
Resource: win7-20240611-en
General
Target: newaP+ (Portable).exe
Size: 2.8MB
MD5: 3a25eb4ee6a01d4c7a40dec801bd9c05
SHA1: d4b4fbac88b76e720813cb3839fbd93d57129585
SHA256: e2f9f3c89a9c391ab94c4ab97908ef1d1b9bfe3f483f6fd1d815d553a893fec5
SHA512: 11d9c6ce2f53ef5d958256b0568f1dbea1fce0d35a86d954f6b262a6e312d2e00f3632752c56b2995b6a36ed096dbea782939b8cc4e470a12ebc641d75154893
SSDEEP: 49152:z7eobMF35HUg7pxMjDduSuBss/VDMeznYu4hPthEfnPYLQA:z7gJeDduSuB1/VvznYuGthkPYLQA
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource newaP+ (Portable).exe
Files
newaP+ (Portable).exe.exe windows:5 windows x86 arch:x86
bc10594f0e5b090521adac523994d99c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
GetModuleFileNameW
SetEnvironmentVariableW
GetSystemInfo
MapViewOfFile
GetLastError
CreateFileW
CreateFileMappingW
UnmapViewOfFile
GetFileInformationByHandle
CloseHandle
VirtualAlloc
VirtualFree
GetModuleHandleA
GetFileSizeEx
GetProcAddress
LoadLibraryW
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xcpad Size: - Virtual size: 1.4MB
.idata Size: 1024B - Virtual size: 654B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 380B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ