Pr(添加用户版)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Pr(添加用户版).exe
Size

164KB
MD5

e02b7df04387db2328986fe71ae1c707
SHA1

d11e6c6f675b3be86e37e50184dadf0081506a89
SHA256

6620d81f3cf7409bb9dbc49d2927ffc8daef7c90369255c0e14e52fdb3bc754d
SHA512

c8f69dc10f54e451d31df3a3b3e761b176db4f585b7803f43c806d43e140bcfd5da5057b2124113655a65501475597a556ac670fdd40807bfd3268dc5f5a3bc2
SSDEEP

1536:SHE1lfQfZ2c6gNZjr8Ld9V81xUcCUmskEbTimaaBySShdpery8e65V7Il:SkdR9oxUcIJEbmmaaByS5Ze65VIl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Pr(添加用户版).exe

Files

Pr(添加用户版).exe
.exe windows x86

132e2100301106c0e6ca7f245ca15ba0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
GetModuleBaseNameA

kernel32

GetCurrentProcess
DuplicateHandle
InterlockedDecrement
GetCurrentThread
GetEnvironmentVariableA
Sleep
VirtualProtectEx
WriteProcessMemory
OpenProcess
CloseHandle
LCMapStringA
LCMapStringW
CreateThread
OutputDebugStringA
GetLocaleInfoA
GetSystemInfo
VirtualProtect
SetFilePointer
FlushFileBuffers
GetOEMCP
GetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
lstrlenW
RtlUnwind
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCommandLineA
GetVersionExA
GetModuleHandleA
RaiseException
DebugBreak
GetProcAddress
LoadLibraryA
GetStdHandle
WriteFile
GetACP
InterlockedIncrement
GetModuleFileNameA
HeapAlloc
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
VirtualFree
TerminateProcess
ExitProcess
VirtualAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
VirtualQuery
InterlockedExchange
SetUnhandledExceptionFilter
GetProcessHeap
FreeLibrary
IsBadCodePtr
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
SetStdHandle

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
SetThreadToken
DuplicateTokenEx
CreateProcessAsUserA
OpenThreadToken
LookupAccountSidA
GetTokenInformation
RegDeleteKeyA

ole32

CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString
GetErrorInfo
VariantClear
VariantChangeType
VariantInit
SetErrorInfo
CreateErrorInfo

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

132e2100301106c0e6ca7f245ca15ba0

Headers

File Characteristics

Imports

psapi

kernel32

advapi32

ole32

oleaut32

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 132KB - Virtual size: 130KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 14KB

.idata Size: 4KB - Virtual size: 3KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 132KB - Virtual size: 130KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 14KB

.idata
Size: 4KB - Virtual size: 3KB