新建文件夹 (2)[.]7z

Resubmissions

04-08-2023 04:04

230804-emykvsad9y 3

04-08-2023 03:58

230804-ejw8maad7x 3

Sharing

Copy URL

Twitter E-mail

General

Target

新建文件夹 (2).7z
Size

77KB
MD5

7b58613060548f1ac16cd5a9812a8b52
SHA1

12783bb50b5d54376622d07342e6f0480521e186
SHA256

7ed3244b7becefec41ce27ea59ac805f30db8fa4946ad41a84cdc9f273f9d34f
SHA512

35944ace0b2258eff779462717284c6a55ade064511e999896a9b3dfd064194f0071b529a66adc35ba823e6a28962fe8b01e3f7c7fe94a216c47472a54086259
SSDEEP

1536:gIGoTYadrYNq6UxkwM+eaPQ/6zyCQVqvhWcvRaQuIGehwb4:wotdU86UxkwM9/U8qAcvRQ9WC4

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/新建文件夹 (2)/appR.dll
unpack001/新建文件夹 (2)/appR.exe

Files

新建文件夹 (2).7z
.7z
新建文件夹 (2)/appR.dat
新建文件夹 (2)/appR.dll
.dll regsvr32 windows x86

d54d57533181a1574064a9d7e8308e1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_strnicmp
bsearch
malloc
free
_wcsnicmp
_ultoa
memset
_setjmp3
longjmp
memmove
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
realloc
wctomb
_itoa
_snprintf
isleadbyte
_purecall
_onexit
??2@YAPAXI@Z
__dllonexit
_unlock
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_iob
_vsnwprintf
_errno
wcsncmp
wcstol
iswalnum
iswspace
_wfullpath
strrchr
_stricmp
_vsnprintf
_wcsicmp
memcpy
??3@YAXPAX@Z
_lock
strtoul
wcstoul
wcsrchr

oleaut32

SysReAllocStringLen
VariantChangeType
CreateTypeLib2
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysStringLen
LoadTypeLibEx
UnRegisterTypeLi
VariantCopyInd
SysAllocStringLen
SysAllocString
VariantCopy
VariantClear

ole32

CoTaskMemFree
CreateBindCtx
CoGetMalloc
CoCreateInstance
CLSIDFromProgID
CoGetClassObject
CreateFileMoniker
OleGetAutoConvert
CoInitialize
CoUninitialize
CLSIDFromString
StringFromGUID2
CoCreateGuid
StringFromCLSID

advapi32

RegQueryValueA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegCreateKeyExA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
IsTextUnicode
RegOpenKeyExW
RegQueryValueExW
ImpersonateLoggedOnUser
RegCloseKey

kernel32

WriteFile
FlushFileBuffers
GetACP
CreateFileW
CreateFileA
MapViewOfFile
UnmapViewOfFile
CloseHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetProcAddress
GetTempFileNameA
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
GetSystemInfo
VirtualQuery
lstrlenW
GetSystemDefaultLCID
GetUserDefaultLCID
LoadLibraryExA
GetLocaleInfoA
GetModuleFileNameW
GetLastError
GetShortPathNameA
GetSystemDirectoryA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
GetVersionExA
WideCharToMultiByte
GetModuleHandleA
GetModuleFileNameA
GetFullPathNameA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTempPathA
SetLastError
LoadResource
FindResourceExW
LoadLibraryExW
CreateFileMappingW
GetLocaleInfoW
GetVersionExW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceW
SearchPathW

user32

MessageBoxA
GetUserObjectInformationA
GetProcessWindowStation
LoadStringA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllRegisterServerEx
DllRegisterServerExA
DllRegisterServerExW
DllUnregisterServer
DllUnregisterServerEx
GenerateTypeLib
GenerateTypeLibW

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹 (2)/appR.exe
.exe windows x86

7dc87ef66f0ed84345e4cf471a3c3455

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
exit
_cexit
_XcptFilter
_exit
_c_exit
_except_handler3
__argc
__wargv
_wsplitpath
_wcmdln
wcslen

advapi32

RegQueryValueW
RegCloseKey
RegOpenKeyExW

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetModuleHandleA
LocalAlloc
FormatMessageW
SetErrorMode
lstrcatA
WideCharToMultiByte
LoadLibraryExW
GetLastError
GetProcAddress
lstrcmpW
GetStartupInfoW
QueryPerformanceCounter
lstrlenW
lstrcpyW
lstrcatW
lstrcpynW
FreeLibrary

user32

LoadStringW
MessageBoxW
wsprintfW

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

d54d57533181a1574064a9d7e8308e1f

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

oleaut32

ole32

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 143KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 6KB

7dc87ef66f0ed84345e4cf471a3c3455

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ole32

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 144KB - Virtual size: 143KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 4KB