infected2023061001[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

infected2023061001.rar
Size

24.0MB
MD5

a77f6046a78c13454f60ce5c81bcc140
SHA1

08bc5bfba010c4054e203c90fff6a6eb6693864a
SHA256

8a08abc10683d5995a5b5beb6624aded9cc21ee81489fbed3fe8ca83c41d6098
SHA512

ca5fda9568cb022bc42057e6f04d5e798c160826c64c1c3a64113e4548af5aa278c4d622bb541e01350f5bdac8e0f72a4af26fbce4417f2b737db27f0ae8c00a
SSDEEP

393216:mLJwe0u1dL8ESNyGDOobTMN4zRh8R6HpzuXS1slNk9hPAeMZX7W7hETg/50FyFy7:smkRGqmTMN4zIc1r1CkfEIf/5R5C

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/infected2023061001/Downloads/72281aa0dbe98d68d17b6b44daf941ca618f845bca2cd2d32a7396cd418a2050.exe
unpack001/infected2023061001/Downloads/@4250.exe
unpack001/infected2023061001/Downloads/system.exe
unpack001/infected2023061001/Downloads/易凯-管理易最新版（2）.exe
unpack001/infected2023061001/Downloads/检修三北分部生产例会汇报gzmtr.com

Files

infected2023061001.rar
.rar
infected2023061001/Downloads/72281aa0dbe98d68d17b6b44daf941ca618f845bca2cd2d32a7396cd418a2050.exe
.exe windows x86

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 244KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
infected2023061001/Downloads/@4250.exe
.exe windows x64

63fff8a74b471ef75ea8d4c30481cbab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

VariantCopy

ole32

CoDisconnectObject

shell32

ShellExecuteA

advapi32

RegEnumKeyExA

winspool.drv

OpenPrinterA

gdi32

CopyMetaFileA

winmm

PlaySoundA

imm32

ImmGetContext

oleacc

CreateStdAccessibleObject

gdiplus

GdipSetInterpolationMode

urlmon

URLDownloadToFileA

uxtheme

GetThemeSysColor

shlwapi

PathFindFileNameA

msimg32

TransparentBlt

user32

GetMenuItemInfoA

kernel32

GetModuleFileNameW

Sections

.text
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
infected2023061001/Downloads/system.exe
.exe windows x86

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
infected2023061001/Downloads/易凯-管理易最新版（2）.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 1.4MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 258KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 89KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 889KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 13KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.winlice
Size: - Virtual size: 22.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 14.8MB - Virtual size: 14.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
infected2023061001/Downloads/检修三北分部生产例会汇报gzmtr.com
.exe windows x86

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 215KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 244KB - Virtual size: 437KB

.idata Size: 1024B - Virtual size: 988B

.reloc Size: 123KB - Virtual size: 123KB

.symtab Size: 512B - Virtual size: 4B

63fff8a74b471ef75ea8d4c30481cbab

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

ole32

shell32

advapi32

winspool.drv

gdi32

winmm

imm32

oleacc

gdiplus

urlmon

uxtheme

shlwapi

msimg32

user32

kernel32

Sections

.text Size: - Virtual size: 1.7MB

.rdata Size: - Virtual size: 500KB

.data Size: - Virtual size: 56KB

.pdata Size: - Virtual size: 79KB

_RDATA Size: - Virtual size: 512B

.text Size: - Virtual size: 572KB

.data Size: - Virtual size: 49KB

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 72B

.rsrc Size: 51KB - Virtual size: 50KB

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 112KB - Virtual size: 299KB

.idata Size: 1024B - Virtual size: 988B

.reloc Size: 85KB - Virtual size: 84KB

.symtab Size: 512B - Virtual size: 4B

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.4MB - Virtual size: 3.9MB

Size: 258KB - Virtual size: 1.2MB

Size: 6KB - Virtual size: 70KB

Size: 89KB - Virtual size: 165KB

Size: 512B - Virtual size: 348B

Size: 889KB - Virtual size: 1.4MB

Size: 13KB - Virtual size: 79KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 52KB - Virtual size: 52KB

.winlice Size: - Virtual size: 22.9MB

.boot Size: 14.8MB - Virtual size: 14.8MB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 244KB - Virtual size: 437KB

.idata
Size: 1024B - Virtual size: 988B

.reloc
Size: 123KB - Virtual size: 123KB

.symtab
Size: 512B - Virtual size: 4B

.text
Size: - Virtual size: 1.7MB

.rdata
Size: - Virtual size: 500KB

.data
Size: - Virtual size: 56KB

.pdata
Size: - Virtual size: 79KB

_RDATA
Size: - Virtual size: 512B

.text
Size: - Virtual size: 572KB

.data
Size: - Virtual size: 49KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 72B

.rsrc
Size: 51KB - Virtual size: 50KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 112KB - Virtual size: 299KB

.idata
Size: 1024B - Virtual size: 988B

.reloc
Size: 85KB - Virtual size: 84KB

.symtab
Size: 512B - Virtual size: 4B

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 52KB - Virtual size: 52KB

.winlice
Size: - Virtual size: 22.9MB

.boot
Size: 14.8MB - Virtual size: 14.8MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 215KB - Virtual size: 407KB

.idata
Size: 1024B - Virtual size: 988B

.reloc
Size: 107KB - Virtual size: 106KB

.symtab
Size: 512B - Virtual size: 4B