b78cb12bfecf016c3ebe253be005d40b[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

b78cb12bfecf016c3ebe253be005d40b.zip
Size

6.4MB
MD5

b78cb12bfecf016c3ebe253be005d40b
SHA1

db4160b8a5adf76e8961192a415807f0828346af
SHA256

a6d01fd73228c10585bf0a7fcb80eca535e9735b08dea2f5d8c6b669ebde5b99
SHA512

b130150f7e7ca3f40ee4b13787dd202ed3aa1d3781c5c74b246d353d5aa6181dcaf13b03bd036747c3d0b421cd824544792929408af5ebf8bcbf1b080a247420
SSDEEP

98304:19AfRuia5fzzzwWvNLuDheUjqh39PjpYmYP8Mx8gB+y+V7vbtXDIUSJALGrjvz+h:1uRc/UhbjYl2mYPlSDB3SJALGrjSh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/剑来迷失.exe

Files

b78cb12bfecf016c3ebe253be005d40b.zip
.zip
剑来迷失.exe
.exe windows x86

841e1e6cf9e13751665ed621fd62b5b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
CreateErrorInfo
SafeArrayPtrOfIndex

advapi32

RegQueryValueExA
RegSetValueExA

user32

GetKeyboardType
CreateWindowExA
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

kernel32

GetACP
TlsSetValue
GetVersionExA
GetVersion
Sleep
GetVersionExA
FindFirstChangeNotificationA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

gdi32

UnrealizeObject

version

VerQueryValueA

mpr

WNetGetConnectionA

ole32

CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CoCreateInstance
DoDragDrop

comctl32

_TrackMouseEvent

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetInstanceExplorer

comdlg32

GetOpenFileNameA

wsock32

WSACleanup

gdiplus

GdipDrawImageRect

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 66KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 156B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.???0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.???1
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 245KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

841e1e6cf9e13751665ed621fd62b5b3

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

mpr

ole32

comctl32

shell32

comdlg32

wsock32

gdiplus

wtsapi32

Sections

.text Size: - Virtual size: 1.4MB

.itext Size: - Virtual size: 5KB

.data Size: - Virtual size: 58KB

.bss Size: - Virtual size: 66KB

.idata Size: - Virtual size: 15KB

.tls Size: - Virtual size: 156B

.rdata Size: - Virtual size: 24B

.???0 Size: - Virtual size: 2.4MB

.???1 Size: 6.1MB - Virtual size: 6.1MB

.rsrc Size: 245KB - Virtual size: 3.2MB

.text
Size: - Virtual size: 1.4MB

.itext
Size: - Virtual size: 5KB

.data
Size: - Virtual size: 58KB

.bss
Size: - Virtual size: 66KB

.idata
Size: - Virtual size: 15KB

.tls
Size: - Virtual size: 156B

.rdata
Size: - Virtual size: 24B

.???0
Size: - Virtual size: 2.4MB

.???1
Size: 6.1MB - Virtual size: 6.1MB

.rsrc
Size: 245KB - Virtual size: 3.2MB