Paypal P50[.]exe | Triage

Sharing

General

Target

Paypal P50.exe
Size

313.1MB
MD5

de77e9ca9729b6f4af1caec18131a3e7
SHA1

6b986e9e22b20d0c3d3c215ccbb7f781c25b6940
SHA256

cd8f195b4c7f71a25c880535255d9af2f4c39ce4065dc95964cf40876202c185
SHA512

7841f0cab6c4995311c52b07f6bf250dcad5bad2c497529fa602a209894fd9a371dc0ce2eae881e5ce5b12be44f9387fadbeea899c3ea46c87b09ff3a35336fb
SSDEEP

6291456:MlLDAi13OASrKbNTL8R7GR9FaMlyWQweIKBWz0m+84by5I8jyAe0M0qR:MdDT1+AjlL8R7GRzxQLIaWz3+84bsIiI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Paypal P50.exe

Files

Paypal P50.exe
.exe windows:4 windows x86 arch:x86

a9c887a4f18a3fede2cc29ceea138ed3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
memset
strcmp
strcpy
getenv
sprintf
fopen
fwrite
fclose
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit

shell32

ShellExecuteA

kernel32

SetUnhandledExceptionFilter

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 313.0MB - Virtual size: 313.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ