天下·火龙[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

天下·火龙.exe
Size

9.2MB
MD5

895926570b352941d6197ae14b7d897b
SHA1

4c4658fbf172ca5c301a644cb94ce7144df25dda
SHA256

6ca7aa5c660c473531f2af7a899ae8b572d239e8835b8b77cf03a732d4a5d6ac
SHA512

463814f85a78c543bd6b3d23e1622bc176f81865c562b76e7b820a247fa23cb6b5087aef1a3088be1d678af4791997096956597cc687909a776991086a5fe7e1
SSDEEP

196608:zJ/MBz1sfGX63UczIBawtb405vnpAcEzSvhFYvsr8kLJ53CjD2iNofo6vwwr:l/6z1PX6VzIBaq00Fprvz8swkttCjD9q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
天下·火龙.exe

Files

天下·火龙.exe
.exe windows x86

88e9ba805693c0535a772c31c6feee57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

rasapi32

RasHangUpA

winmm

midiStreamOpen

ws2_32

WSAStartup

user32

WaitForInputIdle

gdi32

PtVisible

winspool.drv

OpenPrinterA

advapi32

RegQueryValueA

shell32

SHGetSpecialFolderPathA

ole32

StgCreateDocfileOnILockBytes

oleaut32

SafeArrayAccessData

comctl32

ord17

oledlg

ord8

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Sections

.text
Size: 971KB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE