INWORK (1)[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

INWORK (1).exe
Size

197KB
MD5

75afcde2f6563dc408f1f54a59e2d58a
SHA1

9ca51d6201f41efb4336a717ab7c95cec1d6f4b4
SHA256

b8f355e76acdf8aeb3b28cf93af865fd70081913b403afdafd550c6241cb7448
SHA512

043a3803db08c256f0e8c21688efd46b9392b3f372f4595a988aeeacc9a0e1699cd2ba4a580c1e2baf6b2dd3b5608b1717476f306827c7d045c9dfc392773777
SSDEEP

3072:vDtAK2g8lewoo0nT7e/2Pjohbjs29qBk9fZARr8H4en4H8T7qQdZ6sR6fH0oIII:vDtA48lv0nTSVzor8HBnrZZTR6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
INWORK (1).exe

Files

INWORK (1).exe
.exe windows:5 windows x86 arch:x86

3062e50d2fa67f7426fb01fd27779682

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

DrawIcon

gdi32

BitBlt

advapi32

RegCloseKey

shell32

ExtractIconA

shlwapi

StrToIntA

winmm

PlaySoundW

ws2_32

connect

urlmon

URLDownloadToFileW

gdiplus

GdipFree

wininet

InternetOpenW

Sections

.MPRESS1
Size: 175KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE