5317ccf769f64eb7f81e05e64658fb49cebd3d1ca147b942903be5e69948c4d6

Sharing

Copy URL Twitter E-mail

General

Target

5317ccf769f64eb7f81e05e64658fb49cebd3d1ca147b942903be5e69948c4d6
Size

321KB
MD5

28c791891b0609297b8d1b72c5c8ae6a
SHA1

2b1f44b28f9f63efc3cc46616a895ac89f60cdcc
SHA256

5317ccf769f64eb7f81e05e64658fb49cebd3d1ca147b942903be5e69948c4d6
SHA512

e3ee1041a69eaa24d51823b51b0ea5f1e4ee2e0dd051e0a99f6e24d43f3e8fdf79ff6ed5f8825e767709ff4398311d80115eb34e36d1c803f96fe63cfea607b7
SSDEEP

6144:J4IefLXCRJ1A8LJsZqE8f1d/0TSzAUIHpsRWM5JL//3JjVhcC:eIebA1jJsZHCX0ekU7WMHLBHcC

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/关于上海中检内部疫情谣言控制的通知/QAXProtect.dll
unpack001/关于上海中检内部疫情谣言控制的通知/svrQAXDocProtect_x64.exe

Files

5317ccf769f64eb7f81e05e64658fb49cebd3d1ca147b942903be5e69948c4d6
.zip
__MACOSX/._关于上海中检内部疫情谣言控制的通知
__MACOSX/关于上海中检内部疫情谣言控制的通知/._QAXProtect.dll
__MACOSX/关于上海中检内部疫情谣言控制的通知/._svrQAXDocProtect_x64.exe
关于上海中检内部疫情谣言控制的通知/QAXProtect.dll
.dll windows x86

935a0cab607d68d10acdd5552abc2029

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
Sleep
FreeLibrary
DisableThreadLibraryCalls
SetEndOfFile
WriteConsoleW
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetSystemTimeAsFileTime
FindFirstFileExA
FindNextFileA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
GetCommandLineA
GetCurrentThreadId
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
RtlUnwind
ReadFile
SetFilePointer
GetConsoleMode
ReadConsoleW
CloseHandle
SetLastError
InterlockedIncrement
GetFileType
InitOnceExecuteOnce
GetStartupInfoW
QueryPerformanceCounter
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
SetFilePointerEx
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetTimeZoneInformation
CompareStringEx
LCMapStringEx
GetStringTypeW
CreateFileW
SetEnvironmentVariableA

user32

MessageBoxA

Exports

Exports

Afewjfiasdhfisfivjehafiuheuhfjaefeafgwe
DFFsdfjefhuhfsjkdahfkawherfewge
SDFDSfdsfjweufalkdfjaoiefhiosjdf
StartHook

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
关于上海中检内部疫情谣言控制的通知/svrQAXDocProtect_x64.exe
.exe windows x86

ac38e5925ca0b10384e0ec926685b964

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexW
HeapSize
GetLastError
HeapReAlloc
CloseHandle
RaiseException
LoadLibraryW
HeapAlloc
DecodePointer
GetProcAddress
DeleteCriticalSection
GetProcessHeap
FreeLibrary
SetLastError
FindNextFileW
GetCurrentProcess
WriteFile
FindClose
CreateFileW
GetModuleFileNameW
GetVersionExW
GetVersion
GetModuleHandleW
GetConsoleMode
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
EnterCriticalSection
HeapFree
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetStringTypeW
SetStdHandle
LCMapStringW
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CompareStringW
WriteConsoleW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shlwapi

SHGetValueW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
StrStrIW

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

935a0cab607d68d10acdd5552abc2029

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 11KB

ac38e5925ca0b10384e0ec926685b964

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB