bfc68443726e0280ccb9e2c744c1ae1c59a41640816afb806a00eca81a7e134d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfc68443726e0280ccb9e2c744c1ae1c59a41640816afb806a00eca81a7e134d
Size

357KB
MD5

24bab3dd1359d56a33e6fa4a98ac49f4
SHA1

6c7fb8b0c390647c010ca9e0088281d63dc8bb5c
SHA256

bfc68443726e0280ccb9e2c744c1ae1c59a41640816afb806a00eca81a7e134d
SHA512

bae39f883d212016853ade55a039ac8dd048bddff2049e247000f1319e44fc9b58a10f3813a922ca994a6afbf1cb2b1849f3f0cc67d2abff0baf01c20b99ded0
SSDEEP

6144:V8JpdRauKwRHCx1rkCVug4Qwt1rEY1WBP4Mq6K+jQRzc9l9k/P9TxHh+g0lh3HCE:SxKw21rlugW1wAkA5B+jQ25mxUgCHC96

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/公安内网系统.exe

Files

bfc68443726e0280ccb9e2c744c1ae1c59a41640816afb806a00eca81a7e134d
.zip
公安内网系统.exe
.exe windows:4 windows x86

19d4e66d725c89ba6712b82bebc8196d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

Loader

Sections

.data
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ