197c2d218121ff0ec738f5d301bf13b7824320c07942b99c9f278e8d7508b15d[.]exe | Triage

Sharing

General

Target

197c2d218121ff0ec738f5d301bf13b7824320c07942b99c9f278e8d7508b15d.exe
Size

3.2MB
MD5

885a317f0e6471b48210a165fa878af7
SHA1

0beccc1ab4baa6ae9c9a735ecc0719b75031c394
SHA256

197c2d218121ff0ec738f5d301bf13b7824320c07942b99c9f278e8d7508b15d
SHA512

6e017371d637ddfd56229cc7ba2da4285b9ab3e6891d11c5b27ff784bcf5063ae1dcc65b51e1445944ae12df1d72791a485f365776ccd245b2a03bde1c05ca08
SSDEEP

98304:Ol2fRAinZNWMWvrcRoJfr0zVVQrY92iVzc/JFUhdM:M/iZNXWTc5zXQkfI/Ah6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
197c2d218121ff0ec738f5d301bf13b7824320c07942b99c9f278e8d7508b15d.exe

Files

197c2d218121ff0ec738f5d301bf13b7824320c07942b99c9f278e8d7508b15d.exe
.exe windows:5 windows x86 arch:x86

299facae7e3811e3ba17036d8f5262d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

oleaut32

VariantInit

ole32

CreateStreamOnHGlobal

shell32

SHFileOperationW

advapi32

AdjustTokenPrivileges

comdlg32

GetOpenFileNameW

gdi32

DeleteObject

user32

LoadBitmapW

kernel32

RtlUnwind

shlwapi

SHAutoComplete

comctl32

InitCommonControlsEx

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 700KB - Virtual size: 699KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ