话术i[.]exe | Triage

Resubmissions

16/09/2022, 15:19

220916-sqeh2sgaf8 6

16/09/2022, 15:16

220916-snrqlabgfr 6

16/09/2022, 15:11

220916-skk4msgae6 6

16/09/2022, 15:05

220916-sgdv6abgdq 6

Sharing

Copy URL Twitter E-mail

General

Target

话术i.exe
Size

2.2MB
MD5

9d4c2a5ec70acbbe6bc0465c91a33be6
SHA1

cfe80cbd991f5b17c78131560796dc1926064b6c
SHA256

df780dd3e53f2047e656f90e2e9ff692a371abea8cd970e9bd101db48cc65793
SHA512

749944b348c6e0fe6adb6d7aecefa331db89eea8726a1546a551e0b154eb128d00c4c331d2ad796b4b88dd466ec176508ba519ec337bfcc0193f08f52c42a4f0
SSDEEP

49152:ylp3+54JIHHLAvE2mUQTqEFiNsYmM2jk0yhVt+ghy:23+OJkLsdQhFiNvDugo

Score

N/A

Malware Config

Signatures

Files

话术i.exe
.exe windows x86

Password: 123456

6e25dce3e734606aabff602f5526dfc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryDataAvailable
FtpSetCurrentDirectoryA
InternetGetLastResponseInfoA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
FtpOpenFileA
InternetConnectA
InternetOpenA

mpr

WNetEnumResourceA
WNetCloseEnum
WNetOpenEnumA

psapi

EnumProcesses

kernel32

GlobalFree
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetStdHandle
HeapCreate
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
IsValidCodePage
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetWindowsDirectoryA
FormatMessageA
LocalFree
LocalAlloc
CopyFileA
GetModuleHandleA
SetFileTime
CreateDirectoryA
GetFileAttributesA
LocalFileTimeToFileTime
lstrcatA
lstrlenA
lstrcpyA
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
SetFilePointer
GetTickCount
SetLastError
GetProcAddress
LoadLibraryA
FreeLibrary
Sleep
GetModuleFileNameA
GetVersionExA
TerminateProcess
HeapSize
GetFileType
SetStdHandle
DeleteFileA
WriteFile
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
FlushViewOfFile
FindClose
FindFirstFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetLastError
CreateFileA
GetTickCount64
QueryFullProcessImageNameW
OpenProcess
GetCurrentProcessId
ExitProcess
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateThread
ExitThread
HeapReAlloc
RaiseException
RtlUnwind
lstrcmpW
MultiByteToWideChar
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
FreeResource
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
SetThreadPriority
ResumeThread
WaitForSingleObject
SetEvent
SuspendThread
CreateEventA
lstrcmpA
InterlockedExchange
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetModuleFileNameW
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
GetModuleHandleW
WritePrivateProfileStringA
SetErrorMode
FindResourceExA
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapFree
HeapAlloc
GetDriveTypeA
GetCommandLineA
GetStartupInfoA

user32

GetMenuItemID
PostMessageA
SetForegroundWindow
SetMenu
TrackPopupMenu
PeekMessageA
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
SetFocus
IsWindow
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
GetCapture
IsChild
WinHelpA
SendDlgItemMessageA
RegisterWindowMessageA
IsDialogMessageA
SetWindowTextA
ShowWindow
IsWindowEnabled
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetActiveWindow
GetMessageA
GetWindowThreadProcessId
PostQuitMessage
WaitMessage
GetMenuItemCount
GetAsyncKeyState
GetWindowLongA
GetDC
ReleaseDC
WindowFromPoint
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
DestroyMenu
FillRect
DrawFocusRect
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
IsZoomed
SetRectEmpty
SetRect
GetSysColorBrush
UnregisterClassA
SetWindowPos
OffsetRect
IsIconic
GetWindowPlacement
CopyIcon
MessageBeep
InvalidateRect
GetWindowRect
CreateWindowExA
SetCursor
IsWindowVisible
CopyRect
GetSystemMetrics
GetSysColor
SystemParametersInfoA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
UpdateWindow
ReleaseCapture
MapWindowPoints
EqualRect
DeferWindowPos
SetCapture
DispatchMessageA
TranslateMessage
EnableMenuItem
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
CharUpperA
GetMenu
RedrawWindow
KillTimer
SetTimer
GetKeyState
MapDialogRect
SetWindowLongA
EnableWindow
SendMessageA
CharUpperW
GetMenuState
CheckMenuItem
MessageBoxA
wsprintfA
GetWindow
LoadIconA
GetDesktopWindow
ScreenToClient
GetFocus
GetParent
GetCursorPos
LoadMenuA
GetSubMenu
GetClientRect
LoadCursorA

gdi32

SetMapMode
ExcludeClipRect
IntersectClipRect
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
DeleteDC
SelectPalette
CreateSolidBrush
GetBkColor
EnumFontFamiliesExA
SetBkMode
RestoreDC
SaveDC
SelectObject
DeleteObject
GetTextMetricsA
ExtTextOutA
GetTextExtentPoint32A
GetStockObject
CreateFontIndirectA
BitBlt
RealizePalette
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
ScaleWindowExtEx
PtVisible
GetObjectA
CreateCompatibleDC
GetDeviceCaps

advapi32

RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyExA
RegEnumValueA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyA

shell32

ShellExecuteExA
ShellExecuteA
ExtractIconA
ExtractAssociatedIconA
DragQueryFileA
DragFinish

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoInitializeEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA
UrlUnescapeA

ws2_32

bind
WSAGetLastError
sendto
htonl
WSAAsyncSelect
getservbyname
inet_ntoa
gethostbyaddr
gethostname
select
accept
recvfrom
closesocket
recv
send
connect
WSACleanup
WSAStartup
inet_addr
gethostbyname
socket
htons
WSASetLastError

oleacc

CreateStdAccessibleObject
LresultFromObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comdlg32

GetFileTitleA

oleaut32

SysAllocStringLen
VariantInit
VariantChangeType
VariantClear

Sections

.text
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 123456

6e25dce3e734606aabff602f5526dfc8

Headers

DLL Characteristics

File Characteristics

Imports

wininet

mpr

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

ws2_32

oleacc

winspool.drv

comdlg32

oleaut32

Sections

.text Size: 358KB - Virtual size: 357KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 1.6MB - Virtual size: 1.7MB

.rsrc Size: 152KB - Virtual size: 151KB

.text
Size: 358KB - Virtual size: 357KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 1.6MB - Virtual size: 1.7MB

.rsrc
Size: 152KB - Virtual size: 151KB