66badecb26bdc9840dd47d0f175efb983d09ba7cb56f762f98a0140cde5caae1

Sharing

Copy URL Twitter E-mail

General

Target

66badecb26bdc9840dd47d0f175efb983d09ba7cb56f762f98a0140cde5caae1
Size

6.4MB
MD5

9f06469f7653abe0ace5639b6c72a7aa
SHA1

df3fe1862fb21d83cdeae980b3d282835ab07a8e
SHA256

66badecb26bdc9840dd47d0f175efb983d09ba7cb56f762f98a0140cde5caae1
SHA512

3835486476b6de8546514a7f63d94efd978d35be0b5bd5623c1b553ec6749ae9fcb292a5f203801ef21237275961a8d0740ac68f19bf8f925288099f39b5d8af
SSDEEP

98304:w9hj/AfbfbDd5i+Q95qubSrg06nN/1C6la4ZeAeaR5i817I7oAuj5uoaR6:eV/Azl5id4w06N/1dLZnea/i81x6R6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/resources/clash-verge-service.exe

Files

66badecb26bdc9840dd47d0f175efb983d09ba7cb56f762f98a0140cde5caae1
.zip
resources/Country.mmdb
resources/clash-verge-service.exe
.exe windows:6 windows x64

47b59f58ebc44d6f8d90a28cbea0211b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FormatMessageW
CreateFileW
GetFullPathNameW
WriteConsoleW
WaitForSingleObject
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleW
GetModuleFileNameW
GetConsoleMode
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
RtlLookupFunctionEntry
GetEnvironmentVariableW
GetCurrentProcessId
CompareStringOrdinal
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
GetStdHandle
GetCurrentProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
PostQueuedCompletionStatus
GetCurrentThread
GetProcAddress
GetModuleHandleA
Sleep
GetQueuedCompletionStatusEx
SetFileCompletionNotificationModes
CreateMutexA
CreateIoCompletionPort
LoadLibraryA
ReleaseMutex
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
GetFinalPathNameByHandleW
SetLastError
SwitchToThread
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
HeapReAlloc
GetSystemInfo
TerminateProcess
ExitProcess
GetCurrentThreadId
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
SetHandleInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
WaitForSingleObjectEx
CloseHandle
AcquireSRWLockExclusive
GetSystemDirectoryW
HeapFree
IsProcessorFeaturePresent

ws2_32

WSACleanup
WSAStartup
shutdown
closesocket
recv
send
WSAIoctl
setsockopt
accept
getsockname
ioctlsocket
listen
bind
WSAGetLastError
WSASocketW
WSASend

advapi32

SetServiceStatus
SystemFunction036
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

ntdll

NtDeviceIoControlFile
RtlNtStatusToDosError
NtCreateFile
NtCancelIoFileEx

bcrypt

BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

vcruntime140

__current_exception
__current_exception_context
memcpy
memcmp
memset
__CxxFrameHandler3
memmove
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
exit
_get_initial_narrow_environment
_exit
__p___argc
__p___argv
_initialize_narrow_environment
_initterm
_seh_filter_exe
_set_app_type
_initterm_e
_cexit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
terminate

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 599KB - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/clash.pid
resources/geoip.dat
resources/geosite.dat

Sharing

General

Malware Config

Signatures

Files

47b59f58ebc44d6f8d90a28cbea0211b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

advapi32

ntdll

bcrypt

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 599KB - Virtual size: 599KB

.rdata Size: 195KB - Virtual size: 195KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 17KB - Virtual size: 16KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 599KB - Virtual size: 599KB

.rdata
Size: 195KB - Virtual size: 195KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 17KB - Virtual size: 16KB

.reloc
Size: 5KB - Virtual size: 5KB