ZhuDongFangYu[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ZhuDongFangYu.exe
Size

22KB
MD5

a09a9f3ad1af7c2a6d81c15060f990ef
SHA1

257868408d8234b263749a6d52004ab251411925
SHA256

52f9d4b5e6f6ea331f0d98a7d0e5f71e8ef2780b528f83bd30b23b9b72b6d3f8
SHA512

8ce341e80cfc4dc03b4ca6f033c0bdfc49aa675009ad7faf3ea7d1ad83ec63aef8d967e69673628828d0f928592f76729a45383c3e964865714a50ca013fcc64
SSDEEP

384:4+QXwlORdjROSEqa97nV/p9DWHKDPaA8w5vJn3/0:4RjPaj/PLDPaA8w5vd3c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ZhuDongFangYu.exe

Files

ZhuDongFangYu.exe
.exe windows x64

d5040cef8ecfa3778c8f83006c65d7ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
GetFileTime
GetProcAddress
GetModuleHandleW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetSystemDirectoryW
CreateFileW
UnhandledExceptionFilter

user32

wsprintfW

msvcp140

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetOpenUrlW

vcruntime140

__C_specific_handler
memset
__CxxFrameHandler3
__telemetry_main_invoke_trigger
__std_terminate
__telemetry_main_return_trigger

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initterm
_get_initial_narrow_environment
__p___argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
__p___argc
_initialize_narrow_environment
_initterm_e
_exit
_set_app_type
_seh_filter_exe
exit
_configure_narrow_argv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5040cef8ecfa3778c8f83006c65d7ed

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

ntdll

wininet

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 612B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 48B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 612B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 48B