tally72[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tally72.exe
Size

3.7MB
MD5

fe0950873a986ef0053bb253ff07abb7
SHA1

02feb1b523531e1a2dc9b5d71b40d8e35666b536
SHA256

26b1e298ff62a6b7a74e08184be5b0ff2441a8c511c832cece67abe74ceadeba
SHA512

52f4e10ed6fe4cde661af6d240bcc0f3dc02b3efaea1b960fd3771734f24963cb22cdc2be42606a0f5a0e767c0a4249f783f8c810f71e62e33d7b853e3321e65
SSDEEP

98304:az7zyLjd70lnAKZZ0HIaIEXjbVKm98cf/tRpG/U2zyE:GzwYlAKnmjTXjz9fRYzyE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/SB Laptop/SUKUMARANS BACKUP/D Drive/Sukumaran/C Drive/old tally/Tally new/tally72.exe

Files

tally72.exe
.zip

Password: India@2023@@
Device/HarddiskVolume4/SB Laptop/SUKUMARANS BACKUP/D Drive/Sukumaran/C Drive/old tally/Tally new/tally72.exe
.exe windows:4 windows x86 arch:x86

Password: India@2023@@

a049d354b4a26842ee991e7a264dc826

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GetProcAddress
LoadLibraryA
lstrcmpiA
VirtualProtect
GlobalAlloc
GetVersion
IsBadWritePtr
ExitProcess
InitializeCriticalSection
LeaveCriticalSection
CloseHandle
GetExitCodeThread
EnterCriticalSection
DuplicateHandle
GetCurrentProcess
CreateThread

user32

GetActiveWindow
MessageBoxA
wsprintfA

msvcrt

malloc
time
exit
free
rand
srand

Sections

0000001
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000002
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000003
Size: 92KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000004
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

0000006
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000007
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000008
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

0000009
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

0000010
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: India@2023@@

Password: India@2023@@

a049d354b4a26842ee991e7a264dc826

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Sections

0000001 Size: 2.3MB - Virtual size: 2.3MB

0000002 Size: 152KB - Virtual size: 149KB

0000003 Size: 92KB - Virtual size: 1.0MB

0000004 Size: 40KB - Virtual size: 37KB

.rsrc Size: 3.5MB - Virtual size: 3.5MB

0000006 Size: 116KB - Virtual size: 114KB

0000007 Size: 4KB - Virtual size: 4KB

0000008 Size: 1024B - Virtual size: 744B

0000009 Size: 4KB - Virtual size: 4KB

0000010 Size: 20KB - Virtual size: 19KB

0000001
Size: 2.3MB - Virtual size: 2.3MB

0000002
Size: 152KB - Virtual size: 149KB

0000003
Size: 92KB - Virtual size: 1.0MB

0000004
Size: 40KB - Virtual size: 37KB

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

0000006
Size: 116KB - Virtual size: 114KB

0000007
Size: 4KB - Virtual size: 4KB

0000008
Size: 1024B - Virtual size: 744B

0000009
Size: 4KB - Virtual size: 4KB

0000010
Size: 20KB - Virtual size: 19KB