Static task: static1
Behavioral task: behavioral1
Sample: 数据库取证大师.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 数据库取证大师.exe
Resource: win10v2004-20240709-en
General
Target: e916b4864f695c75ef5ae1d8286ccf118790d11b900ccb92f25c4e4dac392924
Size: 5.5MB
MD5: 8559b0ac89a52a1a8520d82cf4049666
SHA1: 215fca1cb2e794a58db844b7ebec662b68f3b926
SHA256: e916b4864f695c75ef5ae1d8286ccf118790d11b900ccb92f25c4e4dac392924
SHA512: c42312e19242271d859a5805b5b63ff6916662ac4c2059726c9657f824d287c3939d1a31648d4455970100075b63df0e1d9fe972251f6a08bec6e6f5b93fbd55
SSDEEP: 98304:Pvz32wWG9G4Q8g6/KA5Te1YeiPuK25m1Ae17JU0JbIC9v2:PvzG9nWg6/KGykPoBePJkv
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/数据库取证大师.exe
Files
e916b4864f695c75ef5ae1d8286ccf118790d11b900ccb92f25c4e4dac392924.rar
数据库取证大师.exe.exe windows:4 windows x86 arch:x86
bab7f51e60ddb08f4b85395959cc7e7c
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32: GetModuleHandleA, GetProcAddress
user32: GetDC
advapi32: RegEnumKeyW
wininet: InternetOpenW
oleaut32: SysAllocString
ole32: OleRun
oledlg: OleUIBusyW
shlwapi: PathIsUNCW
comctl32: InitCommonControlsEx
shell32: DragFinish
winspool.drv: OpenPrinterW
comdlg32: GetFileTitleW
gdi32: DPtoLP
odbc32: ord24
Sections
.AKS1 Size: 2.9MB - Virtual size: 4.4MB
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.AKS2 Size: 2.6MB - Virtual size: 5.5MB
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.AKS3 Size: 1KB - Virtual size: 1KB
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 109KB - Virtual size: 109KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE