%E5%BC%A0%E8%89%B3-%E5%A4%A7%E5%AE%A2%E6%88%B7%E7%BB%8F%E7%90%86-7%E5%B9%B4%E7%BB%8F%E9%AA%8C[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

%E5%BC%A0%E8%89%B3-%E5%A4%A7%E5%AE%A2%E6%88%B7%E7%BB%8F%E7%90%86-7%E5%B9%B4%E7%BB%8F%E9%AA%8C.zip
Size

2.6MB
MD5

92391a56dd23a75780625c6f35e669a1
SHA1

c814d4413c1a9564ee773741d512b41dbbcefe33
SHA256

512216eafb41c810e9063063b595b0eb2364fe64b5be40c69ff2282534b23965
SHA512

941ce3b9efcd7c042942d41f8a180353254ded17f929de3c99c21f2b12b3d364264ae8e41c94a6679ccf6dc134d19e673230a8d1ba6c1d4dddfa7128bad6cc37
SSDEEP

49152:4zeptEuzR5VlE3ujMm2fEvuccJfSUwoYxLFNubnH0cQMI:5ptEybJjl2fEvucwztYxLFobUkI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/张艳-大客户经理-7年经验.exe

Files

%E5%BC%A0%E8%89%B3-%E5%A4%A7%E5%AE%A2%E6%88%B7%E7%BB%8F%E7%90%86-7%E5%B9%B4%E7%BB%8F%E9%AA%8C.zip
.zip

Password: infected
张艳-大客户经理-7年经验.exe
.exe windows x64

a168b833603c54fa82c71f9433a6f19e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringW
lstrcatW
DeleteFileW
CloseHandle
MoveFileExW
MoveFileW
GetModuleFileNameA
WriteFile
RemoveDirectoryW
SetEndOfFile
GetTempPathW
CreateFileW
GetFileAttributesW
SetFileAttributesW
DeleteFileA
ExitProcess
CopyFileW
GetTempFileNameW
GetModuleFileNameW
CreateToolhelp32Snapshot
MultiByteToWideChar
GetFileAttributesExW
Process32NextW
SetFileInformationByHandle
CreateFileA
Process32FirstW
CreateProcessW
Sleep
GetCommandLineW
lstrcmpiW
WriteConsoleW
HeapSize
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
ReadFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
OpenProcess
TerminateProcess
OutputDebugStringA
WideCharToMultiByte
CreateDirectoryW
HeapAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
SetFilePointerEx
GetFileSizeEx
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
RtlUnwind

user32

CreateWindowExW
RegisterClassExW
LoadAcceleratorsW
GetMessageW
ShowWindow
DispatchMessageW
TranslateAcceleratorW
TranslateMessage
LoadIconW
LoadCursorW
UpdateWindow
MessageBoxW
MessageBoxA
wsprintfW
SystemParametersInfoA
SystemParametersInfoW
LoadStringW

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW
CommandLineToArgvW

shlwapi

SHGetValueA
SHDeleteKeyA
StrStrA
StrStrIW

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

a168b833603c54fa82c71f9433a6f19e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 161KB - Virtual size: 160KB

.rdata Size: 2.9MB - Virtual size: 2.9MB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 338KB - Virtual size: 337KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 161KB - Virtual size: 160KB

.rdata
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 338KB - Virtual size: 337KB

.reloc
Size: 2KB - Virtual size: 2KB