严诗文new[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

严诗文new.zip
Size

606KB
MD5

bf18905210a2e8d3c814167e9c8e98ed
SHA1

471741afd27779080c909df9c531bd6c370343d2
SHA256

f3ec07b916240b375cbc3da5037c50a92924818ea63246370c1507617aa81840
SHA512

78bcc5008419d2b4e46760f901f6d20dff5ac44304e9fe0d41a16c72baf75d8422b3c669dabccc39dddef03ccc849121b9579067312a2f7bf77f9df228352280
SSDEEP

12288:2CECY9mxpbRgaCmN6EHatTQezQ2X7AtP6i9QRRl+nICPkQ7wX2WtYeo:2CjHgavvoTQC7AtP6iARMnXkXY7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/__MACOSX/__macosx.exe

Files

严诗文new.zip
.zip
__MACOSX/__macos.docx
.docx office2007
__MACOSX/__macos.vbs
.vbs
__MACOSX/__macosx.exe
.exe windows x64

03a4272bf34b81a9178372771561d3f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

SystemFunction036

ws2_32

getnameinfo
freeaddrinfo
__WSAFDIsSet
WSASocketW
WSAGetLastError
WSACleanup
WSAStartup
socket
getaddrinfo
setsockopt
send
select
recv
ntohs
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
shutdown

gdi32

SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

user32

ReleaseDC
GetWindowDC
GetDesktopWindow

kernel32

GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FreeEnvironmentStringsW
FindClose
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
HeapReAlloc
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
CreateFileW
FindFirstFileExW
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
CreateFileA
ReadFile
WriteFile
CloseHandle
VirtualAlloc
VirtualProtect
LoadResource
LockResource
SizeofResource
FindResourceA
GetCurrentProcess
TerminateProcess
ResumeThread
CreateProcessA
ReadProcessMemory
WriteProcessMemory
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
GetSystemInfo
QueryPerformanceCounter
WaitForSingleObjectEx
GetCurrentThreadId
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WideCharToMultiByte
GetLocaleInfoEx
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringEx
GetCPInfo
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetLocaleInfoW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
WriteConsoleW

Sections

.text
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 674KB - Virtual size: 673KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
严诗文.docx.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

03a4272bf34b81a9178372771561d3f4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ws2_32

gdi32

user32

kernel32

Sections

.text Size: 399KB - Virtual size: 398KB

.rdata Size: 134KB - Virtual size: 134KB

.data Size: 9KB - Virtual size: 16KB

.pdata Size: 17KB - Virtual size: 16KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 674KB - Virtual size: 673KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 399KB - Virtual size: 398KB

.rdata
Size: 134KB - Virtual size: 134KB

.data
Size: 9KB - Virtual size: 16KB

.pdata
Size: 17KB - Virtual size: 16KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 674KB - Virtual size: 673KB

.reloc
Size: 3KB - Virtual size: 3KB