b7b7d9abbbe47a305e9c5604dd2971681f3cba20a1ab9c5ca6f368c0fc6e5db5

Sharing

Copy URL Twitter E-mail

General

Target

b7b7d9abbbe47a305e9c5604dd2971681f3cba20a1ab9c5ca6f368c0fc6e5db5
Size

72KB
MD5

00c9d5699f1e90c15fbc25c9bbe4b8b2
SHA1

9c7b023a8f5d4bc331bdda171a01a7d44085ba8e
SHA256

b7b7d9abbbe47a305e9c5604dd2971681f3cba20a1ab9c5ca6f368c0fc6e5db5
SHA512

450464de0ec44628b429c4831f43705bddee14b19c87b6be619187ef517a197c3a76e46edb4ce71e8ed250aab77a4d7e5568d6cb0fd1f70e6b21bce5016163ef
SSDEEP

1536:ravNqKAQHDsAt+F4fJ8CzTuDyqg7CAu8252XvqmYqNrzIacrJhWOYyu9b:r7nQjsb0JnuuqguAcLmDNrzHcnWbvb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cb/王子凌薪资证明1.scr

Files

b7b7d9abbbe47a305e9c5604dd2971681f3cba20a1ab9c5ca6f368c0fc6e5db5
.zip
__MACOSX/._cb
__MACOSX/cb/._王子凌薪资证明1.scr
__MACOSX/cb/._王子凌薪资证明2.docx
cb/王子凌薪资证明1.scr
.exe windows x86

48251e45678620d435052d1ec3e91737

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW

kernel32

GlobalAlloc
InterlockedDecrement
InterlockedIncrement
GetSystemDirectoryW
FindFirstFileW
FindNextFileW
FindClose
IsValidLanguageGroup
LocalAlloc
LocalFree
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCPInfo
GetStringTypeW
IsDBCSLeadByteEx
EnumSystemCodePagesW
IsValidCodePage
RegisterApplicationRestart
LoadLibraryW
FreeLibrary
GetACP
GlobalLock
GlobalUnlock
GetLocaleInfoW
GetThreadLocale
EncodePointer
CloseHandle
GlobalFree
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
CompareStringW
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
HeapSetInformation
UnhandledExceptionFilter
GetModuleHandleW
DecodePointer
FindResourceW
LoadResource
SizeofResource
LockResource
lstrcmpW
lstrlenW
MulDiv
WideCharToMultiByte
MultiByteToWideChar

gdi32

SetBkMode
GetLayout
ExtTextOutW
GetTextExtentPoint32W
EnumFontFamiliesExW
GetFontData
GetCharWidth32W
CreateFontW
UnrealizeObject
TextOutW
CreateCompatibleBitmap
GetTextExtentPointW
CreateDIBitmap
CreateCompatibleDC
DeleteDC
GetObjectW
GetTextAlign
SetTextAlign
GetDeviceCaps
BitBlt
CreateSolidBrush
PatBlt
GetStockObject
SetTextColor
SetBkColor
CreatePen
MoveToEx
LineTo
CreateFontIndirectW
DeleteObject
TranslateCharsetInfo
SelectObject
GetTextMetricsW

user32

SetScrollPos
SetScrollRange
GetDlgItemTextW
SetWindowTextW
GetParent
GetDlgCtrlID
GetWindowTextW
PostMessageW
GetWindowTextLengthW
ValidateRect
GetAsyncKeyState
GetMessageTime
GetCursorPos
ScreenToClient
WindowFromPoint
GetUpdateRect
SetCapture
DefWindowProcW
PtInRect
GetMessagePos
EndPaint
BeginPaint
MapWindowPoints
GetWindowDC
ClientToScreen
GetKeyboardLayout
RegisterClassW
LoadCursorW
EnumChildWindows
LoadIconW
GetFocus
PostQuitMessage
FillRect
UpdateWindow
CreateDialogParamW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
AdjustWindowRectEx
SetRect
SetScrollInfo
GetScrollInfo
UnregisterClassW
GetDesktopWindow
RegisterClipboardFormatW
InvalidateRect
IsWindowEnabled
SendDlgItemMessageW
EnableWindow
SetDlgItemTextW
ReleaseCapture
ShowCursor
LoadStringW
SetFocus
CallWindowProcW
DestroyWindow
CreateWindowExW
KillTimer
SetTimer
MoveWindow
ShowWindow
GetWindowInfo
GetDlgItem
SendMessageW
GetSystemMetrics
DrawFocusRect
GetSysColor
GetDC
ReleaseDC
GetClassNameW
GetWindowLongW
SetWindowLongW
GetClientRect
GetWindowRect

msvcrt

memcpy
_vsnwprintf
memset
towupper
free
malloc
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
??3@YAXPAX@Z
calloc
realloc
wcsncpy_s
_wcsupr
wcsstr
_wtol
swscanf_s
??2@YAPAXI@Z

comctl32

ord17

ole32

CoCreateInstance
OleUninitialize
DoDragDrop
CoGetMalloc
OleInitialize

getuname

GetUName

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cb/王子凌薪资证明2.docx

Sharing

General

Malware Config

Signatures

Files

48251e45678620d435052d1ec3e91737

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

ole32

getuname

Sections

.text Size: 52KB - Virtual size: 52KB

.data Size: 1024B - Virtual size: 133KB

.rsrc Size: 109KB - Virtual size: 109KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 52KB - Virtual size: 52KB

.data
Size: 1024B - Virtual size: 133KB

.rsrc
Size: 109KB - Virtual size: 109KB

.reloc
Size: 5KB - Virtual size: 5KB