MS10-048-x86(本地测试版)[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MS10-048-x86(本地测试版).exe
Size

15KB
MD5

759e153aa4a282077ca456145c1adaac
SHA1

e57b453966e4827e2effa4e153f2923e7d058702
SHA256

cb7e72f648449a133f40cbb49be262d00c969abcccf116a8978904f0cfd61eea
SHA512

011ed59267ee9187cc4b8c61937dda7b4e8e964b4de9a60e76a1bfe65c03d5057cf3668ca2c288b1318ee2c17adbd4bc42163fcbc2a9428dc9188dd34312b71b
SSDEEP

192:K1e3P1S4WkVH3lg2ag9EtGmLJv4ul44vd02JE/80+QoneShqAs1nFz:Z1S4hVH1J9EtGqA04h2gN+Qonfih

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MS10-048-x86(本地测试版).exe

Files

MS10-048-x86(本地测试版).exe
.exe windows x86

0814b6bee25b5e24fb0cda5dddf15e16

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateProcessA
ExitProcess
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetVersionExA
LoadLibraryA
SetUnhandledExceptionFilter
Sleep

msvcrt

_strdup
__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
_strnicmp
abort
atexit
exit
fflush
fgets
fopen
free
malloc
memcpy
memset
printf
putchar
puts
signal
strlen
strncmp

user32

CallNextHookEx
CreateWindowExA
DestroyWindow
SetWindowsHookExA

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE