738760aba096f0dbd5e6ecddd12f4dc8fce5f61647e50d17963db5d392d395e8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

738760aba096f0dbd5e6ecddd12f4dc8fce5f61647e50d17963db5d392d395e8
Size

3.2MB
MD5

8cc30eca826ca3245822a8f2dfc728f5
SHA1

ed12e00198b357e4b102c67c1cc8ad0044e6c518
SHA256

738760aba096f0dbd5e6ecddd12f4dc8fce5f61647e50d17963db5d392d395e8
SHA512

901a937c3f7e4b6e1c48ca4883fa8db150038bf8488f4b849c5d5c0a453395bd7ca26ebe999224960668619e29cd6eec02b37b4b6f1da331d63cf3cf8fa0b718
SSDEEP

49152:/VznVktIVvpkBetTBWqzeP5PdLoZVSQlzRg6KoOmJK3OwT2RU/jgCIb8/WJfM:NzVktcvWBeuqzCaglmoH4U/UC08J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GMSv83_4GB_完美中文+視窗化+去聊天限制.exe

Files

738760aba096f0dbd5e6ecddd12f4dc8fce5f61647e50d17963db5d392d395e8
.zip
GMSv83_4GB_完美中文+視窗化+去聊天限制.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

ZtlTaskMemAllocImp
ZtlTaskMemFreeImp
ZtlTaskMemReallocImp

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 924KB - Virtual size: 924KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.export
Size: 4KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.import
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ