Static task: static1
Behavioral task: behavioral1
Sample: IFW_Backup_Set_up_4.20.exe
Resource: win11-20240802-en
General
Target: IFW_Backup_Set_up_4.20.exe
Size: 518KB
MD5: ee2dae5e47b4d13140abc66eed7a3f3f
SHA1: 60e425e0b0c8f6db7493cbb2d5e6c3f7a2b6aa85
SHA256: b5a1e61a1b73981a19895d4a6fd50a35d32dcd289cfa4d617082a00dfb6e2257
SHA512: 440646aba994afb80008d354bd583c7e79bba45017fbbcf066c1fe784aefefca7edd758fd8e55ca554520f2a439da404b1e4a50e1cc1b1f6a27a9a018fa6be6f
SSDEEP: 12288:tQHB32Uou0EterSIdWrHm31qilLf6dEtcIlF5yKYv1VI2x2f:m4Xu0EteWI+HC1/lk91n2f
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: IFW_Backup_Set_up_4.20.exe
Files
-
IFW_Backup_Set_up_4.20.exe.exe windows:5 windows x86 arch:x86
1343ca50d234527bf272645d6db0664b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32: GetModuleHandleA, GetProcAddress
wsock32: WSACleanup
winmm: mixerOpen
version: VerQueryValueW
comctl32: ImageList_Create
psapi: GetModuleBaseNameW
wininet: InternetOpenW
user32: GetDC
gdi32: BitBlt
comdlg32: GetOpenFileNameW
advapi32: RegCloseKey
shell32: DragFinish
ole32: CoGetObject
oleaut32: OleLoadPicture
Sections
.MPRESS1 (Size: 481KB, Virtual size: 1.1MB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.MPRESS2 (Size: 4KB, Virtual size: 3KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc (Size: 32KB, Virtual size: 32KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE