0d66e864ce967024678fdc919570f02fb3453f9589a6aaf407a2c9ae2db2bb6b[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

0d66e864ce967024678fdc919570f02fb3453f9589a6aaf407a2c9ae2db2bb6b.rar
Size

602KB
MD5

6b2f3036a2fc5755058f96c59d2b7e9c
SHA1

77cd59ab13304b5a98d727df790cb67d768d480e
SHA256

0d66e864ce967024678fdc919570f02fb3453f9589a6aaf407a2c9ae2db2bb6b
SHA512

b199d0700ffcd508a36c0e50ff5a07d2cd49dddbba7d201cb2bd97b37e6a17c065ba56f89a9655850dce1a76febc247c0e4920c9f80d867de7faff4b0b8293e1
SSDEEP

12288:8kpjDbmhaMN3YeoLBI/rn7rRa1p+o9Ko38HrDgvFxTeyYHKx5vmNYE3UKkj:9lXkDj/TRayokosLk7eOH+M

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/关于核对2023年人力资源部对电商部支撑情况的通知/__MACOSX/关于核对2023年人力资源部对电商部支撑情况的通知/QAXProtect.dll
unpack001/关于核对2023年人力资源部对电商部支撑情况的通知/__MACOSX/关于核对2023年人力资源部对电商部支撑情况的通知/svrQAXDocProtect_x64.exe

Files

0d66e864ce967024678fdc919570f02fb3453f9589a6aaf407a2c9ae2db2bb6b.rar
.rar
关于核对2023年人力资源部对电商部支撑情况的通知/__MACOSX/关于核对2023年人力资源部对电商部支撑情况的通知/QAXProtect.dll
.dll windows x86

935a0cab607d68d10acdd5552abc2029

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
Sleep
FreeLibrary
DisableThreadLibraryCalls
SetEndOfFile
WriteConsoleW
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetSystemTimeAsFileTime
FindFirstFileExA
FindNextFileA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
GetCommandLineA
GetCurrentThreadId
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
RtlUnwind
ReadFile
SetFilePointer
GetConsoleMode
ReadConsoleW
CloseHandle
SetLastError
InterlockedIncrement
GetFileType
InitOnceExecuteOnce
GetStartupInfoW
QueryPerformanceCounter
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
SetFilePointerEx
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetTimeZoneInformation
CompareStringEx
LCMapStringEx
GetStringTypeW
CreateFileW
SetEnvironmentVariableA

user32

MessageBoxA

Exports

Exports

bfewjfiasdhfisfivjehafiuheuhfjaefeafgwe
DFFsdfjefhuxfsjkdahfkawherfewge
SDFDSfdsfjweuaalkdfjaoiefhiosjdf
StartHook

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
关于核对2023年人力资源部对电商部支撑情况的通知/__MACOSX/关于核对2023年人力资源部对电商部支撑情况的通知/svrQAXDocProtect_x64.exe
.exe windows x86

ac38e5925ca0b10384e0ec926685b964

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexW
HeapSize
GetLastError
HeapReAlloc
CloseHandle
RaiseException
LoadLibraryW
HeapAlloc
DecodePointer
GetProcAddress
DeleteCriticalSection
GetProcessHeap
FreeLibrary
SetLastError
FindNextFileW
GetCurrentProcess
WriteFile
FindClose
CreateFileW
GetModuleFileNameW
GetVersionExW
GetVersion
GetModuleHandleW
GetConsoleMode
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
EnterCriticalSection
HeapFree
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetStringTypeW
SetStdHandle
LCMapStringW
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CompareStringW
WriteConsoleW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shlwapi

SHGetValueW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
StrStrIW

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
关于核对2023年人力资源部对电商部支撑情况的通知/关于核对2023年人力资源部对电商部支撑情况的通知.pdf
.pdf
关于核对2023年人力资源部对电商部支撑情况的通知/关于核对2023年人力资源部对电商部支撑情况的通知.pdf.lnk
.lnk .pdf

Sharing

General

Malware Config

Signatures

Files

935a0cab607d68d10acdd5552abc2029

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 11KB

ac38e5925ca0b10384e0ec926685b964

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB