2d80519dbea0b3705c2485185a2e76ea3b00c3335a8b2d4450e7bb2e15bcf788[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

2d80519dbea0b3705c2485185a2e76ea3b00c3335a8b2d4450e7bb2e15bcf788.rar
Size

3.1MB
MD5

72fc4d562bf8ad7d6060c2fb4cfc664b
SHA1

75d2769e3f9336ab002c2b303ce9a393f3facee7
SHA256

2d80519dbea0b3705c2485185a2e76ea3b00c3335a8b2d4450e7bb2e15bcf788
SHA512

5138452dd043cb70c5ea5823b8c478ae97a0d22904f745b3a3ea0d7ae9cab505958f990380a5fae199814a524ec81162648bd2acdbe2e3a879e636ef057a22a8
SSDEEP

49152:+FxCG86RnSMasItV7JFn+A/jLE2PpY/04gWOQ7H8GxJvE9TjEOizNcuyKlWXDgoJ:+FkG86Rn0n7JFn+gHE8Y/hFjYBXuycU

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/泛微协同办公平台E-cology8.0版本使用手册/泛微协同办公平台E-cology8.0版本使用手册/__MACOSX/泛微协同办公平台E-cology8/inlosys.dll
unpack001/泛微协同办公平台E-cology8.0版本使用手册/泛微协同办公平台E-cology8.0版本使用手册/__MACOSX/泛微协同办公平台E-cology8/tyconsvr.exe

Files

2d80519dbea0b3705c2485185a2e76ea3b00c3335a8b2d4450e7bb2e15bcf788.rar
.rar
泛微协同办公平台E-cology8.0版本使用手册/泛微协同办公平台E-cology8.0版本使用手册/__MACOSX/泛微协同办公平台E-cology8/inlosys.dll
.dll windows x86

ef83bd77c6f15f5dbd5823bdc4629dcc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
Sleep
AttachConsole
FreeLibrary
DisableThreadLibraryCalls
SetEndOfFile
CreateFileW
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetSystemTimeAsFileTime
FindFirstFileExA
FindNextFileA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
GetCommandLineA
GetCurrentThreadId
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwind
ReadFile
SetFilePointer
GetConsoleMode
ReadConsoleW
CloseHandle
SetLastError
InterlockedIncrement
FlushFileBuffers
GetConsoleCP
GetFileType
InitOnceExecuteOnce
GetStartupInfoW
QueryPerformanceCounter
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
SetFilePointerEx
SetStdHandle
GetTimeZoneInformation
WriteConsoleW
CompareStringEx
LCMapStringEx
GetStringTypeW
SetEnvironmentVariableA

user32

MessageBoxA

Exports

Exports

dfsdfsdfdsffSdf3fja23rwXX
dfsdfsjdkSDFdskfja23rwXX
dsddddf3DSDFAfkjefwkfd3
fdkfklgjdEDfgsdkf32fkadd

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
泛微协同办公平台E-cology8.0版本使用手册/泛微协同办公平台E-cology8.0版本使用手册/__MACOSX/泛微协同办公平台E-cology8/tyconsvr.exe
.exe windows x86

f2da7f70a2666c25ca382dfd306727d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
GetModuleFileNameW
LoadLibraryExW
lstrlenA
Sleep
CreateThread
CreateEventW
GetModuleHandleW
GetCurrentThreadId
SetLastError
ExpandEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
SetEvent
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetDriveTypeW
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
FreeLibrary
GetCommandLineW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatA
GetTimeFormatA
GetStartupInfoA
SetHandleCount
SetFilePointer
GetFileType
SetStdHandle
GetFileAttributesW
MultiByteToWideChar
GetCurrentProcess
FlushInstructionCache
lstrcmpiW
WaitForSingleObject
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
lstrlenW
CreateFileA
DeviceIoControl
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
CreateDirectoryW
InitializeCriticalSection
GetConsoleMode
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetConsoleCP
ReadFile
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetTimeZoneInformation
LCMapStringW
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
SetEndOfFile

user32

UnregisterClassA
wsprintfW
CreateWindowExW
CallWindowProcW
GetWindowLongW
RegisterClassExW
DefWindowProcW
DestroyWindow
LoadCursorW
GetClassInfoExW
IsWindow
PostMessageW
SetWindowLongW
CharUpperW
CharNextW
PostThreadMessageW
GetMessageW
DispatchMessageW
TranslateMessage
MessageBoxW
LoadStringW

advapi32

RegisterServiceCtrlHandlerW
RegEnumKeyExW
ControlService
DeleteService
CreateServiceW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ChangeServiceConfigW
StartServiceCtrlDispatcherW

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize

oleaut32

RegisterTypeLi
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
SysAllocString
VarUdateFromDate
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi

shlwapi

PathRemoveExtensionW
PathCombineW
UrlUnescapeA
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
泛微协同办公平台E-cology8.0版本使用手册/泛微协同办公平台E-cology8.0版本使用手册/泛微协同办公平台E-cology8.0版本使用手册.pdf
.pdf
泛微协同办公平台E-cology8.0版本使用手册/泛微协同办公平台E-cology8.0版本使用手册/泛微协同办公平台E-cology8.0版本使用手册.pdf.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

ef83bd77c6f15f5dbd5823bdc4629dcc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 11KB

f2da7f70a2666c25ca382dfd306727d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 165KB - Virtual size: 164KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 165KB - Virtual size: 164KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 11KB - Virtual size: 11KB