票易通-单据[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

票易通-单据.zip
Size

2.8MB
MD5

08f15a5b1af13aa6c1904644a56a5a9b
SHA1

d01c8ed49b69708857fae5627576cb78823a855d
SHA256

dc6ae8111164080274837dc39e6364ce861338483b059d209bc2ef7424e77549
SHA512

b0ee451ee2c295c8ebb4b18f4afcc3c3d792d926e15569fcae77782481448bf82632867a443aba90284e9a85e2753b3327b39a0ffdf07591682d1d912cf4e068
SSDEEP

49152:jA3gCQAfBLo5W7GDbNpQxUHJ9DUVRnA/jSz6qL1pS06hGjn6GE1ajtv/AYw1v9lH:jdARiOGNpTvUVNA/8pvbj6GE1apPw11p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/票易通-单据.exe

Files

票易通-单据.zip
.zip
票易通-单据.exe
.exe windows x86

ff21bc71be3c3efbe415151c45331af6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
GetCurrentDirectoryA
GlobalFlags
DeleteFileA
lstrcpyA
GetACP
lstrcmpiA
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
SetErrorMode
GetFileAttributesExA
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetWindowsDirectoryA
GetNumberFormatA
InitializeCriticalSectionAndSpinCount
GetProfileIntA
SearchPathA
VirtualProtect
GetUserDefaultLCID
FindResourceExW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
HeapFree
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
RtlUnwind
HeapReAlloc
RaiseException
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
HeapQueryInformation
LeaveCriticalSection
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
SetHandleCount
GetStdHandle
IsValidCodePage
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
LCMapStringW
CompareStringW
GetTimeZoneInformation
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalGetAtomNameA
GlobalFindAtomA
GetVersionExA
LoadLibraryW
lstrcmpW
GlobalAddAtomA
WaitForSingleObject
ResumeThread
SetThreadPriority
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
FindResourceA
FreeResource
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
GetModuleHandleW
FreeLibrary
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MulDiv
MultiByteToWideChar
lstrlenA
GetCurrentProcessId
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
LocalAlloc
HeapSize
FileTimeToSystemTime
Sleep
CreateDirectoryA
GetModuleFileNameA
InterlockedDecrement
LoadLibraryA
GetProcAddress
OpenProcess
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
EnterCriticalSection
FindResourceW
GetProcessHeap
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery

user32

MessageBeep
LoadMenuW
SetWindowRgn
RedrawWindow
NotifyWinEvent
GetAsyncKeyState
IsZoomed
CharUpperA
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
IsMenu
CreatePopupMenu
SetMenuDefaultItem
GetMenuDefaultItem
DestroyIcon
UnregisterClassA
TranslateAcceleratorA
BringWindowToTop
InsertMenuItemA
LoadAcceleratorsA
LoadImageA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
SetParent
DestroyAcceleratorTable
SetClassLongA
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
ToAsciiEx
MapVirtualKeyA
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
SetCursorPos
LockWindowUpdate
RegisterClipboardFormatA
InvertRect
HideCaret
GetIconInfo
CopyImage
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
FrameRect
CopyIcon
CharUpperBuffA
PostThreadMessageA
GetKeyNameTextA
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
GetDoubleClickTime
IsCharLowerA
MapVirtualKeyExA
SubtractRect
DestroyCursor
GetWindowRgn
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
EnumDisplayMonitors
CopyRect
GetClassNameA
InvalidateRect
UpdateWindow
DrawStateA
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetNextDlgGroupItem
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowsHookExA
UnhookWindowsHookEx
GetCursorPos
CallNextHookEx
GetFocus
PtInRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
GetWindow
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageA
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetRectEmpty
RealChildWindowFromPoint
DeleteMenu
WaitMessage
ReleaseCapture
LoadCursorW
WindowFromPoint
SetCapture
LoadCursorA
GetSysColorBrush
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
LoadIconA
GetWindowPlacement
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
IntersectRect
IsRectEmpty
CopyAcceleratorTableA
OffsetRect
GetKeyState
SetLayeredWindowAttributes
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
SetTimer
KillTimer
LoadBitmapW
DrawIcon
GetSystemMetrics
IsIconic
GetClientRect
GetWindowRect
SetRect
SendMessageA
AppendMenuA
GetSystemMenu
LoadIconW
EnableWindow
wsprintfA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
SendDlgItemMessageA

gdi32

ExcludeClipRect
SelectObject
GetClipBox
GetObjectA
CreateCompatibleDC
BitBlt
StretchBlt
SetMapMode
IntersectClipRect
SetPixelV
GetTextFaceA
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCA
Rectangle
GetDeviceCaps
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
SetPaletteEntries
ExtFloodFill
EnumFontFamiliesExA
SetPixel
SetDIBColorTable
OffsetRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Polygon
Ellipse
Polyline
CreateEllipticRgn
CreatePolygonRgn
CreateDIBSection
CreateRoundRectRgn
DPtoLP
PatBlt
CombineRgn
SetRectRgn
GetRgnBox
GetTextColor
GetBkColor
GetTextCharsetInfo
EnumFontFamiliesA
GetTextMetricsA
LineTo
MoveToEx
SetTextAlign
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateDIBitmap
GetLayout
SetLayout
DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectA
GetTextExtentPoint32A
CopyMetaFileA

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegEnumValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
RegQueryValueExA

shell32

SHGetFolderPathA
SHAppBarMessage
DragQueryFileA
DragFinish
SHGetFileInfoA
ShellExecuteA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
DoDragDrop
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium

oleaut32

VarBstrFromDate
SysAllocStringLen
VariantChangeType
VariantInit
VariantClear
SysAllocString
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen

msimg32

AlphaBlend
TransparentBlt

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathAppendA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

wininet

InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetOpenA

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.%~m
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.PfG
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.~i,
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff21bc71be3c3efbe415151c45331af6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msimg32

comctl32

shlwapi

gdiplus

wininet

oleacc

imm32

winmm

winspool.drv

comdlg32

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 265KB

.data Size: - Virtual size: 53KB

.%~m Size: - Virtual size: 1.4MB

.PfG Size: 3KB - Virtual size: 3KB

.~i, Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 512B - Virtual size: 284B

.rsrc Size: 68KB - Virtual size: 68KB

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 265KB

.data
Size: - Virtual size: 53KB

.%~m
Size: - Virtual size: 1.4MB

.PfG
Size: 3KB - Virtual size: 3KB

.~i,
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 512B - Virtual size: 284B

.rsrc
Size: 68KB - Virtual size: 68KB